For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-223237 | SRG-APP-000142-NDM-000245 | JUSX-DM-000167 | SV-223237r1043177_rule | 2024-12-20 | 3 |
Description
If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking.
J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled.
ℹ️ Check
Verify web-management is not enabled.
[edit]
show system services web-management
If a stanza exists that configures web-management service options, this is a finding.
✔️ Fix
Remove the web-management service.
[edit]
delete system services web-management