Free DISA STIG and SRG Library | Vaulted

V-3175

The network devices must require authentication prior to establishing a management connection for administrative access.

Finding ID: NET1636
Rule ID: SV-15448r4_rule
Severity: Cat I
CCE: (None)
Group Title: Management connections must require passwords.
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

Network devices with no password for administrative access via a management connection allow anyone with network access to the device to make configuration changes, enabling them to disrupt network operations and cause a network outage.

Fix Text

Configure authentication for all management connections.

Check Content

Review the network device configuration to verify all management connections for administrative access require authentication. The vty ports should look similar to the example below, which references an authentication list configured as AUTH_LIST.

    aaa authentication login AUTH_LIST group tacacs+ local
    !
    line vty 0 4
     login authentication AUTH_LIST
     exec-timeout 10 0
     transport input ssh

Or using the default method list as shown in the example below.

    aaa authentication login default group tacacs+ local
    !
    line vty 0 4
     login authentication default
     exec-timeout 10 0
     transport input ssh
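The check described above can be scripted against a saved running configuration. The following is an added example, not part of the STIG: the function name audit_mgmt_lines and the sample configuration are constructed for illustration. It assumes line sub-commands are indented as in running-config output, and it accepts only the AAA method-list form shown in the Check Content, so any other login setup is reported for manual review.

```python
import re

def audit_mgmt_lines(config: str) -> dict:
    """Map each 'line ...' stanza to 'ok' or the reason it needs review."""
    # Method lists are defined by: aaa authentication login <name|default> ...
    lists = set(re.findall(r"^aaa authentication login (\S+)", config, re.M))
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current and raw.startswith(" "):
            stanzas[current].append(raw.strip())   # sub-command of the stanza
        else:
            current = None                         # unindented line ends it
    results = {}
    for name, body in stanzas.items():
        ref = next((l.split()[2] for l in body
                    if l.startswith("login authentication ")), None)
        if "no login" in body:
            results[name] = "no login: authentication disabled"
        elif ref is None and "default" not in lists:
            results[name] = "no AAA method list applied and no default list"
        elif ref is not None and ref not in lists:
            results[name] = f"method list {ref} is not defined"
        else:
            results[name] = "ok"
    return results

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
aaa authentication login AUTH_LIST group tacacs+ local
!
line con 0
 exec-timeout 10 0
line aux 0
 no login
line vty 0 4
 login authentication AUTH_LIST
 exec-timeout 10 0
 transport input ssh
line vty 5 15
 login authentication MGMT
 transport input ssh
"""

if __name__ == "__main__":
    for line, finding in audit_mgmt_lines(SAMPLE).items():
        print(f"{line:15} {finding}")
```

Every stanza not reported as ok is a candidate finding under this rule and should be confirmed against the device.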

Responsibility

Information Assurance Officer

IA Controls

ECSC-1