
Sun Ray Desktop Unit to server communication is not encrypted.


Overview

Finding ID: V-16146
Version: SUN0170
Rule ID: SV-17135r1_rule
IA Controls: DCSR-1, DCSR-2, DCSR-3
Severity: Medium
Description
In earlier versions of Sun Ray Server Software, data packets on the Sun Ray interconnect were sent in the clear (plaintext). This made it easy to “snoop” the traffic and recover vital and private user information, which malicious users might misuse. To avoid this type of attack, Sun Ray Server Software allows administrators to enable traffic encryption. The encryption algorithm used is ARCFOUR, also known as RC4.

NOTE: Terminal Services for Windows 2000 uses the same RC4 encryption algorithm. RDP traffic is encrypted using 128-bit encryption. The algorithm used for encryption depends on the encryption mode. Windows 2003 is FIPS compliant. In FIPS mode, 3DES and SHA1 are used. In non-FIPS mode, RC4 (encryption) and MD5 (keyed hashing) are used.
STIG: Sun Ray 4 STIG
Date: 2015-04-02

Details

Check Text (C-17189r1_chk)
Within the Sun Ray Administration console, perform the following:
1. Select the Advanced Tab.
2. Select the Security Tab.
3. Verify that “Upstream Encryption” and “Downstream Encryption” are checked.
4. If these are not checked, this is a finding.
Fix Text (F-16251r1_fix)
Encrypt Sun Ray traffic to all Desktop Units.