Free DISA STIG and SRG Library | Vaulted

V-3175

The network devices must require authentication prior to establishing a management connection for administrative access.

Finding ID
NET1636
Rule ID
SV-15448r4_rule, SV-15448r3_rule
Severity
Cat I
CCE
(None)
Group Title
Management connections must require passwords.
CCI
(None)
Target Key
(None)
Documentable
No
Discussion

Network devices with no password for administrative access via a management connection give anyone with network access to the device the opportunity to make configuration changes, enabling them to disrupt network operations and cause a network outage.

Fix Text

Configure authentication for all management connections.

Check Content

Review the network device configuration to verify all management connections for administrative access require authentication. The vty ports should look similar to the example below that references an authentication list configured as AUTH_LIST.

aaa authentication login AUTH_LIST group tacacs+ local
!
line vty 0 4
 login authentication AUTH_LIST
 exec-timeout 10 0
 transport input ssh

Or using the default method list as shown in the example below.

aaa authentication login default group tacacs+ local
!
line vty 0 4
 login authentication AUTH_LIST
 exec-timeout 10 0
 transport input ssh
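The review described under Check Content can be scripted against a saved IOS-style configuration. The Python below is an added example, not part of the STIG text or of any DISA tooling. The function name, the sample configuration and the OPEN method list are constructed for illustration, and the check assumes AAA method lists are the only accepted authentication mechanism.

```python
import re

# Constructed sample configuration; not taken from a real device.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login AUTH_LIST group tacacs+ local
aaa authentication login OPEN none
!
line con 0
 login authentication AUTH_LIST
line aux 0
 no login
line vty 0 4
 login authentication AUTH_LIST
 exec-timeout 10 0
 transport input ssh
line vty 5 15
 login authentication OPEN
 transport input ssh
"""

def audit_management_lines(config):
    """Return {line name: finding} for lines where no authenticating method list applies."""
    lists = {}      # method-list name -> list of methods
    lines = {}      # e.g. "vty 0 4" -> sub-commands under that line
    current = None
    for raw in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", raw)
        if m:
            lists[m.group(1)] = m.group(2).split()
        if raw.startswith("line "):
            current = raw[5:].strip()
            lines[current] = []
        elif raw.startswith(" ") and current is not None:
            lines[current].append(raw.strip())
        else:
            current = None
    findings = {}
    for name, cmds in lines.items():
        # Assumption: a line with no explicit list falls back to "default".
        ref = next((c.split()[2] for c in cmds
                    if c.startswith("login authentication ")), "default")
        if "no login" in cmds:
            findings[name] = "authentication disabled (no login)"
        elif ref not in lists:
            findings[name] = f"method list {ref!r} is not defined"
        elif "none" in lists[ref]:
            findings[name] = f"method list {ref!r} permits 'none'"
    return findings
```

An empty result means every console, aux and vty line in the file resolves to a defined method list that does not include `none`. Lines that rely on `login local` or a line password are reported as lacking a method list and need manual review.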

Responsibility

Information Assurance Officer

IA Controls

ECSC-1