From A10 Networks ADC NDM Security Technical Implementation Guide
Part of SRG-APP-000172-NDM-000259
Associated with: CCI-000197
Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
Review the device configuration. The following command show the types of management access allowed on each of the interfaces: show management [ipv4 | ipv6] The following command shows IPv4 management access information: show management ipv4 If either Telnet or HTTP is listed as "on" for any interface, this is a finding. The following command shows IPv6 management access information: show management ipv6 If either Telnet or HTTP is listed as "on" for any interface, this is a finding. Verify that HTTP for management is disabled. show web-service If HTTP is enabled, this is a finding. HTTPS is allowed for management and is enabled by default.
Configure the device to prohibit the use of Telnet and HTTP for device management. The following commands enable management access to the device and the use of SSH, HTTPS, Syslog, and SNMP: enable-management service ssh https syslog snmp snmp-trap Disable HTTP on the management interface: no enable-management service http management Note: Do not configure any management protocols on any of the other interfaces. Disable the web server (HTTP for management). no web-service server
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer