The IAO will ensure the authentication server is configured to use tiered authorization groups for various levels of access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-25895 | NET0432 | SV-32517r1_rule | Low |
| Description |
|---|
| The foundation of a good security scheme in the network is the protection of the user interfaces of the networking devices from unauthorized access. Protecting access to the user interfaces on your network devices prevents unauthorized users from making configuration changes that can disrupt the stability of your network or compromise your network security. |
| STIG | Date |
|---|---|
| Network Devices Security Technical Implementation Guide | 2018-11-27 |
Details
| Check Text ( C-32826r1_chk ) |
|---|
| Review the AAA server implemented and determine if user profiles are members of a group. Determine if the groups have different privileges and the users are in the appropriate groups. In the following TACACS example the user (rtr-test) is a member of the group “rtr-basic”. User Profile Information user = rtr_test{ profile_id = 66 profile_cycle = 1 member = rtr_basic password = des "********" } Below is an example of CiscoSecure TACACS+ server defining the privilege level. user = junior-engineer1 { password = clear "xxxxx" service = shell { set priv-lvl = 7 } } |
| Fix Text (F-28937r1_fix) |
|---|
| The administrator will configure the authentication server with standard accounts and assign them to privilege levels that meet their job description |