Provide teleworkers training on best practices for operating a secure network.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-19147 | SRC-EPT-120 | SV-20960r1_rule | Low |
| Description |
|---|
| Changing the default passwords on the devices helps protect against attackers using these LANs to gain access to the device. List of manufacturer default passwords are widely available on the Internet. |
| STIG | Date |
|---|---|
| Remote Access Policy STIG | 2016-03-28 |
Details
| Check Text ( C-22781r1_chk ) |
|---|
| Review the security checklist or user agreement. Verify that users have received information on the following best practices. – Changing device password on home network level devices such as routers and firewalls. - Configuring the device so that it cannot be administered from outside the home network, preventing external attackers from taking control of the device. – Configuring the device to silently ignore unsolicited requests sent to it, which essentially hides the device from malicious parties. – Checking for updates and applying them periodically, as explained in the vendor’s documentation—either automatically (typically daily or weekly) or manually (to be performed by the teleworker at least monthly) . – For broadband routers, turning off or disabling built-in wireless access points (AP) that are not being used. – The proper precautionary measures for a firewall appliance or broadband router vary. |
| Fix Text (F-19698r1_fix) |
|---|
| Train users as required. |