Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet.

From Video Services Policy STIG

Part of RTS-VTC 3160.00 [IP]

Associated with IA controls: ECSC-1, DCBP-1

SV-18878r2_rule Remote management access and SNMP access and reporting are not restricted by IP address and/or subnet.

Vulnerability discussion

In any network device management system, it is best practice to limit the IP address or addresses from which a network-attached device can be accessed and to which device status information can be sent.

Check content

[IP]; Interview the IAO and validate compliance with the following requirement: If the VTU is connected to an IP based LAN, ensure remote management access (administrator and management system/server/application) and SNMP access and reporting are restricted by IP address and/or subnet. Determine what IP addresses or subnets are authorized to send VTC system/device “Remote Control/Management/Configuration” messages and what IP addresses or subnets are authorized to receive monitoring or status messages from the VTC system/device. Have the SA demonstrate how the VTC system/device is configured to restrict “Remote Control/Management/Configuration” messages to and from these authorized IP addresses or subnets. This is a finding if there is no limitation on either sending or receiving these messages. Note: During APL testing, this is a finding in the event the VTC system/device does not support the limiting of all management traffic to authorized IP addresses or subnets.

Fix text

[IP]; Perform the following tasks: Configure the VTC system/device to restrict the source and/or destination of VTC system/device “Remote Control/Management/Configuration” and monitoring/status traffic to/from authorized IP addresses or subnets.
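
One way to support the check above with a repeatable review, shown as an added example that is not part of the STIG: it compares the sources a device allows for management/SNMP and the destinations it reports to against the site's authorized subnets. The dictionary keys, the addresses, and the rule that an empty allow-list means "unrestricted" are assumptions made for illustration, not any vendor's configuration format.

```python
import ipaddress

# Constructed sample values (assumptions): the subnets the site authorizes.
AUTHORIZED_MGMT_SOURCES = ["10.20.30.0/28"]      # may send control/management/SNMP requests
AUTHORIZED_STATUS_RECEIVERS = ["10.20.30.5/32"]  # may receive monitoring/status messages


def _unauthorized(configured, authorized):
    """Return configured entries that are not wholly inside an authorized subnet."""
    auth = [ipaddress.ip_network(a, strict=False) for a in authorized]
    bad = []
    for entry in configured:
        net = ipaddress.ip_network(entry, strict=False)
        # subnet_of() raises TypeError across IP versions, so compare versions first.
        if not any(net.version == a.version and net.subnet_of(a) for a in auth):
            bad.append(entry)
    return bad


def review(device, auth_sources, auth_receivers):
    """Return finding strings for one device.

    `device` is a hypothetical dict with two allow-lists:
      mgmt_allowed_sources - sources permitted to manage or poll the device
      status_destinations  - destinations the device may report status to
    An empty or missing list is treated as "no limitation", which is a finding.
    """
    findings = []
    checks = (
        ("mgmt_allowed_sources", auth_sources, "inbound management/SNMP access"),
        ("status_destinations", auth_receivers, "outbound monitoring/status reporting"),
    )
    for key, authorized, label in checks:
        configured = device.get(key) or []
        if not configured:
            findings.append(f"{label}: no restriction configured")
            continue
        for entry in _unauthorized(configured, authorized):
            findings.append(f"{label}: {entry} is outside the authorized list")
    return findings


if __name__ == "__main__":
    # Constructed device record: any source may manage it, no receiver limit set.
    open_vtu = {"mgmt_allowed_sources": ["0.0.0.0/0"], "status_destinations": []}
    for line in review(open_vtu, AUTHORIZED_MGMT_SOURCES, AUTHORIZED_STATUS_RECEIVERS):
        print("FINDING:", line)
```

A wildcard entry such as 0.0.0.0/0 is reported because it is not contained in any authorized subnet, which matches the check's "no limitation" condition even though an allow-list nominally exists.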
