Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66605 | JUSX-DM-000167 | SV-81095r1_rule | High |
| Description |
|---|
| If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled. |
| STIG | Date |
|---|---|
| Juniper SRX SG NDM Security Technical Implementation Guide | 2019-06-28 |
Details
| Check Text ( C-67231r1_chk ) |
|---|
| Verify web-management is not enabled. [edit] show system services web-management If a stanza exists that configures web-management service options, this is a finding. |
| Fix Text (F-72681r1_fix) |
|---|
| Remove the web-management service. [edit] delete system services web-management |