The DataPower Gateway must employ automated mechanisms to centrally apply authentication settings.

From IBM DataPower Network Device Management Security Technical Implementation Guide

Part of SRG-APP-000516-NDM-000337

Associated with: CCI-000366 CCI-000371

SV-79669r1_rule The DataPower Gateway must employ automated mechanisms to centrally apply authentication settings.

Vulnerability discussion

The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.

Check content

Go to Administration >> Access >> RBM Settings. Verify Authentication Method is LDAP. If it is not, this is a finding.

Fix text

Go to Administration >> Access >> RBM Settings. Set Authentication Method to LDAP. Configure LDAP connection as needed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer