From Riverbed SteelHead CX v8 ALG Security Technical Implementation Guide
Part of SRG-NET-000131-ALG-000085
Associated with: CCI-000381
Because Wan Optimization is optimally installed in the architecture at the perimeter, installation of unnecessary functions and services on the same host increases the risk by implementing these functions before the network inspection functions and excessive open ports on the firewall for these functions and services to operation. Loading functions that are outside the scope and unrelated to the WAN optimization function is unauthorized and may create an attack vector. Related services include content filtering, traffic analysis, decryption, caching, and traffic inspection tools (e.g., firewall, IDS), unrelated services include email, DNS, web server.
If RiOS is installed on the SteelHead appliance, this is a finding. Inspect the services and applications that are installed on the host with the RiOS application suite. Ask the site representative if a security review using the applicable STIG has been performed on the operating system and applications that are co-hosted. If unrelated or unnecessary services are installed on the same host as the RiOS, this is a finding. If a security review using the applicable STIG has not been performed on the operating system and applications co-hosted on with the RiOS, this is a finding.
Disable or uninstall unrelated or unnecessary services from the host.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer