UCF STIG Viewer Logo

For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223237 JUSX-DM-000167 SV-223237r513400_rule High
Description
If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled.
STIG Date
Juniper SRX SG NDM Security Technical Implementation Guide 2021-03-25

Details

Check Text ( C-24910r513398_chk )
Verify web-management is not enabled.

[edit]
show system services web-management

If a stanza exists that configures web-management service options, this is a finding.
Fix Text (F-24898r513399_fix)
Remove the web-management service.

[edit]
delete system services web-management