The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured.

From A10 Networks ADC ALG Security Technical Implementation Guide

Associated with: CCI-001109

SV-82463r1_rule The A10 Networks ADC must not have any unnecessary or unapproved virtual servers configured.

Vulnerability discussion

A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed.A virtual server is an instance where the device accepts traffic from outside hosts and redirects traffic to one or more real servers. In keeping with a deny-all, permit-by-exception policy, the services that the device provides to outside hosts must be only those that are necessary, documented, and approved.

Check content

Review the configured servers, service groups, and virtual servers. The following command shows information for SLB servers: show slb server The following command shows information for service groups (multiple servers): show slb service-group The following command shows information for virtual servers (the services visible to outside hosts): show slb virtual-server Ask the Administrator for the list of approved services being provided by the device and compare this against the output of the command listed above. If there are more configured virtual servers than are approved, this is a finding.

Fix text

Do not configure a server, service group, or virtual server for any unnecessary or unapproved service.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.