Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62993 | RICX-DM-000144 | SV-77483r1_rule | Medium |
| Description |
|---|
| By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. An example of a mechanism to facilitate this would be through the utilization of SNMP traps. |
| STIG | Date |
|---|---|
| Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2019-10-01 |
Details
| Check Text ( C-63745r1_chk ) |
|---|
| Verify that RiOS uses automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Verify that Host Servers are defined in the section "Trap Receivers" If there are no Host Servers defined in "Trap Receivers", this is a finding. |
| Fix Text (F-68911r1_fix) |
|---|
| Configure RiOS to use automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Click "Add a New Trap Receiver" Set "Receiver IP Address" to the address of the trap receiver Set "Destination Port:" to the port that the Trap Receiver is listening on Set "Receiver Type:" to "v3" Set "Remote User:" to the user name on the Trap Receiver Set "Authentication:" to Set "Authentication Protocol:" to "SHA" SHA Key: Set "Security Level:" to "Auth/Priv" Set "Privacy Protocol:" to "AES" Set "Privacy:" to Select "same as Authentication Key" Set "Enable Receiver" Click "Add" Navigate to the top of the web page and click "Save" to save these settings permanently |