Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25894 | NET0431 | SV-32516r1_rule | Low |
Description |
---|
AAA network security services provide the primary framework through which a network administrator can set up access control on network points of entry or network access servers, which is usually the function of a router or access server. Authentication identifies a user; authorization determines what that user can do; and accounting monitors the network usage. Without AAA, unauthorized users may gain access and possibly control of the routers. If the router network is compromised, large portions of the network could be incapacitated with only a few commands. |
STIG | Date |
---|---|
Network Devices Security Technical Implementation Guide | 2018-02-27 |
Check Text ( C-32825r1_chk ) |
---|
Have the administrator discuss their implementation. A typical AAA process includes the device being authenticated to direct authentication request directly to a 2-facor server (i.e. ACE) or to an AAA server via RADIUS or TACACS+ which redirects the 'authentication' request to the 2-facor server. Request the administrator to demonstrate the implementation. |
Fix Text (F-28936r1_fix) |
---|
The IAO will implement a 2-factor authentication solution for granting administrative access to all network elements. |