Riverbed Optimization System (RiOS) must disable the local Shark and Monitor accounts so they cannot be used as shared accounts by users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62837 | RICX-DM-000003 | SV-77327r1_rule | Medium |
| Description |
|---|
| The Monitor and Shark accounts which are default group accounts with shared credentials. Monitor and Shark accounts are not enabled by default, but cannot be deleted since these network tools are designed to look for that account. Monitor is a read-only account for auditor's configuration management. Shark is used to access packet captures. If the credentials for these accounts are changed, the function of the system will not be adversely impacted. |
| STIG | Date |
|---|---|
| Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2019-10-01 |
Details
| Check Text ( C-63631r1_chk ) |
|---|
| Verify that RiOS is configured to the assigned privilege level for each administrator. Navigate to the device Management Console Navigate to Configure >> Security >> User Permissions Verify the privilege level values for Shark and Monitor If all privileges for the Shark and Monitor accounts are not set to Deny, this is a finding. |
| Fix Text (F-68755r1_fix) |
|---|
| Configure RiOS to enforce assigned privilege level for each administrator in accordance with site documented requirements. Navigate to the device Management Console Navigate to Configure >> Security >> User Permissions Remove all values of "Roles and Permissions" for the Monitor and Shark accounts Click "Apply" to save the changes Navigate to the top of the web page and click "Save" to write changes to memory |