Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72681 | VROM-CS-000240 | SV-87313r1_rule | Medium |
Description |
---|
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |
STIG | Date |
---|---|
vRealize - Cassandra Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-72837r1_chk ) |
---|
Review the Cassandra Server to ensure network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance are disabled. Open the console to the server that Cassandra DB is hosted at and type: "find / | grep "cassandra.yaml"". Open "cassandra.yaml" file and review "start_rpc", "start_native_transport", and "native_transport_port" parameters values. If "start_rpc" is not set to "false" and "start_native_transport" is not set to "true", this is a finding. Run following command from the console of server, hosting Cassandra: "netstat -ntl | grep Obtain the document containing the list of approved ports, protocols, and services from https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx. If protocol and port Cassandra listens at are not approved, this is a finding. |
Fix Text (F-79085r1_fix) |
---|
Configure the Cassandra Server to disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance. Open the console to the server that Cassandra DB is hosted at and type: "find / | grep "cassandra.yaml"". Open "cassandra.yaml" file and modify "start_rpc parameter" value to "false", "start_native_transport parameter" value to "true" and "native_transport_port" parameter value to one in the range of approved ports, according to https://disa.deps.mil/ext/cop/iase/ppsm/Pages/cal.aspx document (default port is 9042). |