
For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.


Overview

Finding ID: V-66605
Version: JUSX-DM-000167
Rule ID: SV-81095r1_rule
IA Controls:
Severity: High
Description
If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled.
STIG: Juniper SRX SG NDM Security Technical Implementation Guide
Date: 2017-01-05

Details

Check Text (C-67231r1_chk)
Verify web-management is not enabled.

[edit]
show system services web-management

If a stanza exists that configures web-management service options, this is a finding.
Fix Text (F-72681r1_fix)
Remove the web-management service.

[edit]
delete system services web-management
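
The check above can also be run offline against an exported configuration. The following is an added example, not part of the STIG: it flags a web-management stanza in both hierarchical and "display set" output, and goes slightly beyond the check text by also looking inside configuration groups and reporting deactivated (inactive:) stanzas. The function name find_web_management and the sample configurations are constructed for illustration.

```python
import re

TARGET = ["system", "services", "web-management"]
# "display set" form, optionally nested under a configuration group
SET_RE = re.compile(r"^set\s+(?:groups\s+\S+\s+)?system\s+services\s+web-management(?:\s|$)")

def find_web_management(config_text):
    """Return (line_number, text) for each line that configures J-Web."""
    findings, path = [], []
    for num, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue
        # A deactivated stanza still exists in the configuration, so report it too
        stmt = re.sub(r"^inactive:\s+", "", line)
        if SET_RE.match(stmt):
            findings.append((num, line))
        elif stmt.endswith("{"):            # hierarchical form: stanza opens
            path.append(stmt[:-1].strip())
            if path[-3:] == TARGET:
                findings.append((num, line))
        elif stmt == "}":                   # stanza closes
            if path:
                path.pop()
        elif stmt.rstrip(";") == "web-management" and path[-2:] == TARGET[:2]:
            findings.append((num, line))
    return findings

# Constructed sample configurations (not taken from a real device)
BRACE_SAMPLE = """\
system {
    services {
        ssh;
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
}
"""
SET_SAMPLE = """\
set system services ssh
set system services web-management https system-generated-certificate
"""

if __name__ == "__main__":
    for name, cfg in (("hierarchical", BRACE_SAMPLE), ("display set", SET_SAMPLE)):
        hits = find_web_management(cfg)
        print(name, "FINDING" if hits else "not a finding", hits)
```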