Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-66605 | JUSX-DM-000167 | SV-81095r1_rule | High |
Description |
---|
If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled. |
STIG | Date |
---|---|
Juniper SRX SG NDM Security Technical Implementation Guide | 2017-01-05 |
Check Text ( C-67231r1_chk ) |
---|
Verify web-management is not enabled. [edit] show system services web-management If a stanza exists that configures web-management service options, this is a finding. |
Fix Text (F-72681r1_fix) |
---|
Remove the web-management service. [edit] delete system services web-management |