Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3175 | NET1636 | SV-3175r5_rule | ECSC-1 | High |
Description |
---|
Network devices with no password for administrative access via a management connection provide the opportunity for anyone with network access to the device to make configuration changes enabling them to disrupt network operations resulting in a network outage. |
STIG | Date |
---|---|
Layer 2 Switch Security Technical Implementation Guide | 2015-09-21 |
Check Text ( C-3516r9_chk ) |
---|
Review the network device configuration to verify all management connections for administrative access require authentication. If authentication isn't configured for management access, this is a finding. |
Fix Text (F-3200r3_fix) |
---|
Configure authentication for all management connections. |