Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-94657 | SYMP-NM-000030 | SV-104487r1_rule | High |
| Description |
|---|
| It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restricted to only the appropriate networks/subnets in order to reduce the likelihood of unauthorized access. |
| STIG | Date |
|---|---|
| Symantec ProxySG NDM Security Technical Implementation Guide | 2019-12-20 |
Details
| Check Text ( C-93847r1_chk ) |
|---|
| Verify console access using the account of last resort has been restricted to specific networks/subnets. 1. Log on to the Web Management Console. 2. Click >> Configuration >> Authentication >> Console Access. 3. Confirm that the correct networks/subnets are specified in the list. If there are no entries in the list, this is a finding. |
| Fix Text (F-100775r1_fix) |
|---|
| Configure console access using the account of last resort to specific networks/subnets. 1. Log on to the Web Management Console. 2. Click Configuration >> Authentication >> Console Access. 3. Click "New". 4. Enter the IP address and subnet mask for the desired network and click "OK". 5. Repeat step 4 until all desired networks have been added. 6. Click "Apply". |