The IAO will ensure the syslog servers are configured IAW the appropriate OS STIG.

From Network Devices Security Technical Implementation Guide

Part of The syslog server is not compliant with OS STIG

SV-28656r1_rule The IAO will ensure the syslog servers are configured IAW the appropriate OS STIG.

Vulnerability discussion

A syslog server gives the network administrator the ability to configure all of the communication devices on a network to send log messages to a centralized host for review, correlation, reporting, and storage. This implementation provides easier management of network events and is an effective facility for monitoring and for the automatic generation of alert notifications. The repository of messages also supports troubleshooting when problems are encountered and can assist in root cause analysis.

A malicious user or intruder could attempt to cover their tracks by polluting the syslog data or even by forcing the server to crash. Disabling the syslog server would eliminate the visibility into the network infrastructure that security analysts depend on. The first line of defense is to ensure that the syslog server accepts syslog packets only from known managed devices and administrative access only from trusted management workstations.

Because syslog messages are sent from managed devices to the syslog server in clear text, an attacker on the network can easily sniff them. Furthermore, syslog traditionally uses UDP, which makes it relatively easy to spoof a managed device, since the source address of a datagram is not authenticated. Placing the syslog server on a separate subnet, such as the management network, isolated from general access and transient traffic, will help reduce these risks.
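The following is an added example, not part of the STIG text or of any vendor's software, showing the first-line defense described above in code: a minimal RFC 3164 syslog/UDP receiver that binds only the management-network interface, accepts datagrams only from an allowlist of managed-device addresses, and records everything else (wrong source, oversized packet, malformed PRI header) as a possible spoofing or log-pollution attempt. The management range 10.10.10.0/24, the listener address 10.10.10.5, the device names and the sample log lines are all constructed for the example.

```python
"""Allowlisting syslog/UDP receiver (added example; addresses and logs are constructed)."""
import ipaddress
import re
import socket
from dataclasses import dataclass, field

# Hypothetical management network and syslog host address; adjust to your site.
ALLOWED_SENDERS = [ipaddress.ip_network("10.10.10.0/24")]
LISTEN_ADDR = "10.10.10.5"      # bind the management interface only, not 0.0.0.0
LISTEN_PORT = 514
MAX_DATAGRAM = 1024             # RFC 3164 maximum packet length

# RFC 3164 header: "<PRI>" then the message, PRI = facility * 8 + severity (0..191).
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)


@dataclass
class Receiver:
    allowed: list
    accepted: list = field(default_factory=list)   # (facility, severity, text)
    rejected: list = field(default_factory=list)   # (source ip, reason)

    def handle(self, src_ip, payload):
        """Validate one datagram. Returns (facility, severity, text) or None."""
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            self.rejected.append((src_ip, "bad source address"))
            return None
        # Only known managed devices on the management network may log here.
        if not any(addr in net for net in self.allowed):
            self.rejected.append((src_ip, "sender not in allowlist"))
            return None
        if len(payload) > MAX_DATAGRAM:
            self.rejected.append((src_ip, "oversized datagram"))
            return None
        m = PRI_RE.match(payload)
        if not m or int(m.group(1)) > 191:
            self.rejected.append((src_ip, "malformed PRI"))
            return None
        pri = int(m.group(1))
        record = (pri // 8, pri % 8, m.group(2).decode("utf-8", "replace"))
        self.accepted.append(record)
        return record


def serve(receiver, addr=LISTEN_ADDR, port=LISTEN_PORT):
    """Real UDP loop: bind the management interface and feed datagrams to handle()."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((addr, port))
    while True:
        # Read one byte over the limit so oversized datagrams are detected, not silently cut.
        data, (src, _) = sock.recvfrom(MAX_DATAGRAM + 1)
        receiver.handle(src, data)


def demo():
    """Constructed traffic: a managed switch, a spoof from outside the management net,
    and a garbage datagram from a managed address."""
    r = Receiver(ALLOWED_SENDERS)
    r.handle("10.10.10.21", b"<189>Mar 11 09:12:07 core-sw1 %SYS-5-CONFIG_I: Configured from console")
    r.handle("192.0.2.77", b"<189>Mar 11 09:12:08 core-sw1 %SYS-5-CONFIG_I: Configured from console")
    r.handle("10.10.10.21", b"garbage without a PRI header")
    return r


if __name__ == "__main__":
    result = demo()
    print("accepted:", result.accepted)
    print("rejected:", result.rejected)
```

Run `serve(Receiver(ALLOWED_SENDERS))` as a privileged user on the syslog host to listen on 514/udp; `demo()` exercises the same validation offline. The source-address allowlist is necessary but not sufficient: a UDP source address can itself be forged by an attacker with a foothold on the management network, so pair this control with a host firewall that drops 514/udp from non-management addresses and, where the devices support it, with TLS-protected syslog over TCP so that the sender is authenticated rather than merely addressed.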

Check content

Interview the IAO and syslog administrator to determine if the server is compliant with respective OS STIG.

Fix text

Ensure that the syslog server is compliant with the appropriate OS STIG.
