Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000198-NDM-000148 | SRG-NET-000198-NDM-000148 | SRG-NET-000198-NDM-000148_rule | | Medium |
Description |
---|
Although the network device is not responsible for routing all network management traffic to the management network, it must route all outgoing communications through the out-of-band management interface. If management traffic is allowed onto the user network segments, privileged information may be intercepted by non-privileged users, which could lead to the compromise of network devices. The network device is installed in stealth mode with one interface installed on the management network. This interface is used for communications with the network device and other network devices. If in-band management is required because of mission requirements, a dedicated IP address for the remote management client and traffic encryption are required. |
STIG | Date |
---|---|
Network Device Management Security Requirements Guide | 2013-07-30 |
Check Text (C-SRG-NET-000198-NDM-000148_chk) |
---|
Verify the out-of-band management interface on the network device is configured with an IP address from the address space belonging to the out-of-band management network. After determining which interface is connected to the out-of-band management access switch, review the managed device configuration. Verify the interface has been assigned an address from the local management address block. If management traffic is not directed through a dedicated management interface for purposes of access control and auditing, this is a finding. |
Fix Text (F-SRG-NET-000198-NDM-000148_fix) |
---|
Configure the network device's out-of-band management interface with an IP address from the address space belonging to the out-of-band management network. |
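
One way to automate the check text above, as an added example that is not part of the SRG: it parses a device configuration, confirms the designated management interface holds an address from the out-of-band block, and flags any other interface that also sits in that block. The IOS-like syntax, the interface name `Management0` and the block `10.255.0.0/24` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample configuration in an IOS-like syntax (assumption: the SRG is
# vendor-neutral, so adapt the two patterns below to the device's own syntax).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Management0
 ip address 10.255.0.12 255.255.255.0
!
"""

IF_RE = re.compile(r"interface\s+(\S+)")
IP_RE = re.compile(r"\s+ip address\s+(\S+)\s+(\S+)")


def interface_addresses(config_text):
    """Map each interface name to the addresses configured under it."""
    result, current = {}, None
    for line in config_text.splitlines():
        if m := IF_RE.match(line):
            current = m.group(1)
            result.setdefault(current, [])
        elif not line.startswith(" "):
            current = None  # an unindented line ends the interface block
        elif current and (m := IP_RE.match(line)):
            result[current].append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}"))
    return result


def audit(config_text, mgmt_if, oob_block):
    """Return a list of findings; an empty list means the check passes."""
    oob = ipaddress.ip_network(oob_block)
    addrs = interface_addresses(config_text)
    findings = []
    if mgmt_if not in addrs:
        findings.append(f"{mgmt_if}: interface not present in configuration")
    elif not any(a.ip in oob for a in addrs[mgmt_if]):
        findings.append(f"{mgmt_if}: no address from OOB management block {oob}")
    for name, ifaces in addrs.items():
        if name != mgmt_if:  # only one interface belongs on the management network
            findings += [f"{name}: {a.ip} is inside OOB block {oob}" for a in ifaces if a.ip in oob]
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "Management0", "10.255.0.0/24") or "not a finding")
```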