Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-62993 | RICX-DM-000144 | SV-77483r1_rule | Medium |
Description |
---|
By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. An example of a mechanism to facilitate this would be through the utilization of SNMP traps. |
STIG | Date |
---|---|
Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2015-11-30 |
Check Text ( C-63745r1_chk ) |
---|
Verify that RiOS uses automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Verify that Host Servers are defined in the section "Trap Receivers" If there are no Host Servers defined in "Trap Receivers", this is a finding. |
Fix Text (F-68911r1_fix) |
---|
Configure RiOS to use automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Click "Add a New Trap Receiver" Set "Receiver IP Address" to the address of the trap receiver Set "Destination Port:" to the port that the Trap Receiver is listening on Set "Receiver Type:" to "v3" Set "Remote User:" to the user name on the Trap Receiver Set "Authentication:" to Set "Authentication Protocol:" to "SHA" SHA Key: Set "Security Level:" to "Auth/Priv" Set "Privacy Protocol:" to "AES" Set "Privacy:" to Select "same as Authentication Key" Set "Enable Receiver" Click "Add" Navigate to the top of the web page and click "Save" to save these settings permanently |