Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62993	RICX-DM-000144	SV-77483r1_rule		Medium

Description
By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. An example of a mechanism to facilitate this would be through the utilization of SNMP traps.

STIG	Date
Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide	2019-10-01

Details

Check Text ( C-63745r1_chk )
Verify that RiOS uses automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Verify that Host Servers are defined in the section "Trap Receivers" If there are no Host Servers defined in "Trap Receivers", this is a finding.

Fix Text (F-68911r1_fix)
Configure RiOS to use automated mechanisms to alert security personnel to threats identified by authoritative sources. Navigate to the device Management Console Navigate to Configure >> System Settings >> SNMP Basic Click "Add a New Trap Receiver" Set "Receiver IP Address" to the address of the trap receiver Set "Destination Port:" to the port that the Trap Receiver is listening on Set "Receiver Type:" to "v3" Set "Remote User:" to the user name on the Trap Receiver Set "Authentication:" to Set "Authentication Protocol:" to "SHA" SHA Key: Set "Security Level:" to "Auth/Priv" Set "Privacy Protocol:" to "AES" Set "Privacy:" to Select "same as Authentication Key" Set "Enable Receiver" Click "Add" Navigate to the top of the web page and click "Save" to save these settings permanently

Fix Text (F-68911r1_fix)

Configure RiOS to use automated mechanisms to alert security personnel to threats identified by authoritative sources.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> SNMP Basic
Click "Add a New Trap Receiver"
Set "Receiver IP Address" to the address of the trap receiver
Set "Destination Port:" to the port that the Trap Receiver is listening on
Set "Receiver Type:" to "v3"
Set "Remote User:" to the user name on the Trap Receiver
Set "Authentication:" to
Set "Authentication Protocol:" to "SHA"
SHA Key:
Set "Security Level:" to "Auth/Priv"
Set "Privacy Protocol:" to "AES"
Set "Privacy:" to Select "same as Authentication Key"
Set "Enable Receiver"
Click "Add"

Navigate to the top of the web page and click "Save" to save these settings permanently