From A10 Networks ADC ALG Security Technical Implementation Guide
Part of SRG-NET-000402-ALG-000130
Associated with: CCI-001314
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can give configuration details about the network element. Limiting access to system logs and administrative consoles to authorized personnel will help to mitigate this risk. However, user feedback and error messages should also be restricted by type and content in accordance with security best practices (e.g., ICMP messages).
Review the device configuration. Enter the following command to view detailed information about the administrative accounts: show admin detail The output of this command will show the Access type, the Privilege level, and GUI role among other parameters. If persons other than other than the authorized individuals (ISSO, ISSM, and SA) have Root, Read Write, or Read Only privileges, this is a finding.
Do not assign anyone who is not the ISSO, ISSM, and authorized System Administrators to be Administrators with Root, Read Write, or Read Only privileges. Do not configure accounts with Root, Read Write, or Read Only privileges for anyone other than the authorized individuals (ISSO, ISSM, and SA).
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer