Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-94657 | SRG-APP-000033-NDM-000212 | SYMP-NM-000030 | SV-104487r1_rule | 2019-12-20 | 1 |
Description
It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restricted to only the appropriate networks/subnets in order to reduce the likelihood of unauthorized access.
ℹ️ Check
Verify console access using the account of last resort has been restricted to specific networks/subnets.
1. Log on to the Web Management Console.
2. Click >> Configuration >> Authentication >> Console Access.
3. Confirm that the correct networks/subnets are specified in the list.
If there are no entries in the list, this is a finding.
✔️ Fix
Configure console access using the account of last resort to specific networks/subnets.
1. Log on to the Web Management Console.
2. Click Configuration >> Authentication >> Console Access.
3. Click "New".
4. Enter the IP address and subnet mask for the desired network and click "OK".
5. Repeat step 4 until all desired networks have been added.
6. Click "Apply".