From Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide
Part of SRG-APP-000291-NDM-000275
Associated with: CCI-001683
An authorized insider or individual who maliciously creates a local account could gain immediate access from a remote location to privileged information on a critical security device. Sending an alert to the administrators and ISSO when this action occurs greatly reduces the risk that accounts will be surreptitiously created.
Verify that RiOS captures an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server. Navigate to the device CLI Type: show rbm users Verify that the privilege level is correct for each administrator -- or -- Navigate to the device Management Console Navigate to Configure >> Security >> User Permissions Verify that the privilege level is correct for each administrator If the privilege level settings are not in accordance with applicable policy, this is a finding.
Configure RiOS to capture an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server.
Navigate to the device CLI
Type: rbm user
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer