The Bromium Enterprise Controller (BEC) must protect BEC Web console from unauthorized modification.

From Bromium Secure Platform 4.x Security Technical Implementation Guide

Part of SRG-APP-000122

Associated with: CCI-001494

SV-95137r1_rule The Bromium Enterprise Controller (BEC) must protect BEC Web console from unauthorized modification.

Vulnerability discussion

Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Protecting audit tools is therefore necessary to prevent unauthorized operation on audit data. The BEC Web console gives a view of events, threat conditions, policies, and client information and is thus considered an audit tool. BEC does not allow the integration of audit tools provided by third-party vendors. Access to the BEC Web console is configured under Settings >> Users.

Check content

Obtain from the site representative a list of users who are authorized read-only permissions to the BEC Web console, and verify that these users are configured for read-only access.

Navigate to the Settings menu and identify Roles with read-only access. These roles have only view privileges checked, i.e. one or more of the following:
- View device events
- View policies
- View events
- View threats
- View users
- View user groups

Identify the Groups that are assigned these Roles:
1. From the BEC console, click on "Settings".
2. Select "User Groups".
3. Click on each group and note whether one of the read-only Roles is assigned.

Verify that each user on the read-only list is assigned only to a Group that has a read-only Role. If users who are authorized for read-only privileges are assigned to groups with modification access, this is a finding.
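The check above is a manual comparison of three lists (Roles and their privileges, Groups and their Role, Users and their Group) against the site's list of read-only users. The following is an added example, not part of this STIG and not a Bromium tool or BEC API client, that performs the same comparison over data the reviewer has transcribed from the Settings pages. The data model, the sample names, and the non-view privilege names ("Edit policies", "Edit users") are constructed assumptions; the only privilege names taken from the STIG are the six view privileges.

```python
"""Automated pass over the read-only user check.

Added example: not a BEC feature or export format. Assumes the reviewer has
transcribed Roles, User Groups and Users from Settings into the three
dictionaries below. All names in the sample data are constructed.
"""

# The six privileges the STIG treats as view-only. Any other privilege on a
# Role makes that Role a modification Role for the purpose of this check.
READ_ONLY_PRIVILEGES = frozenset({
    "View device events",
    "View policies",
    "View events",
    "View threats",
    "View users",
    "View user groups",
})


def is_read_only_role(privileges):
    """True if the Role has at least one privilege and all of them are view privileges."""
    return bool(privileges) and set(privileges) <= READ_ONLY_PRIVILEGES


def find_findings(roles, groups, users, authorized_read_only):
    """Return (user, group, role, offending privileges) for every authorized
    read-only user who is placed in a Group whose Role carries privileges
    outside the view set.

    roles:  {role_name: [privilege, ...]}   transcribed from Settings >> Roles
    groups: {group_name: role_name}         transcribed from Settings >> User Groups
    users:  {user_name: group_name}         transcribed from Settings >> Users
    authorized_read_only: user names supplied by the site representative

    A user with no Group, a Group with no Role, or a Role not in `roles` is
    also reported ("unresolved"), because read-only access cannot be confirmed.
    """
    findings = []
    for user in sorted(authorized_read_only):
        group = users.get(user)
        role = groups.get(group) if group is not None else None
        privileges = roles.get(role) if role is not None else None
        if privileges is None:
            findings.append((user, group, role, ("unresolved",)))
            continue
        extra = sorted(set(privileges) - READ_ONLY_PRIVILEGES)
        if extra:
            findings.append((user, group, role, tuple(extra)))
    return findings


# Constructed sample data. "Edit policies" / "Edit users" are hypothetical
# modification privileges used only to make the check fire.
ROLES = {
    "Auditor": ["View events", "View threats", "View device events"],
    "Policy Admin": ["View policies", "Edit policies"],
    "Super Admin": ["Edit policies", "Edit users", "View users"],
}
GROUPS = {
    "SOC Viewers": "Auditor",
    "Policy Team": "Policy Admin",
    "Platform Admins": "Super Admin",
}
USERS = {
    "alice": "SOC Viewers",
    "bob": "Policy Team",
    "carol": "Platform Admins",
}
# List from the site representative: bob is mis-assigned, dave is not in BEC at all.
AUTHORIZED_READ_ONLY = ["alice", "bob", "dave"]


def main():
    findings = find_findings(ROLES, GROUPS, USERS, AUTHORIZED_READ_ONLY)
    if not findings:
        print("Not a finding: all read-only users are in read-only Groups.")
    for user, group, role, extra in findings:
        print(f"FINDING: {user} in Group {group!r} (Role {role!r}): {', '.join(extra)}")


if __name__ == "__main__":
    main()
```

A Role is treated as read-only only when every privilege on it is one of the six view privileges; a Role that mixes a view privilege with a modification privilege is reported with the offending privileges so the reviewer can cite them in the finding. Users on the authorized list who cannot be resolved to a Role are reported rather than silently passed.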

Fix text

Configure the BEC Web console to restrict users who are authorized for view (read) permissions only.

Configure a Role with View privileges only:
1. From the BEC console, click on "Settings".
2. Select "Roles".
3. To create a new Role, click on "User Options" and select "Add Role".
4. Create a name for the Role (with optional description) and select any of the following privileges:
   - View device events
   - View policies
   - View events
   - View threats
   - View users
   - View user groups
5. Click "Save Changes".

Configure a Group with the read-only Role assigned to it:
1. From the BEC console, click on "Settings".
2. Select "User Groups".
3. To create a new group, click on "User Options" and select "Add User Group".
4. Create a name (with optional description) for the Group.
5. (Optional) Synchronize the Group with an existing Group within Active Directory.
6. From the Role drop-down menu, select the read-only Role.
7. Click "Add User Group".

Assign the read-only Group to each view-only user:
1. From the BEC console, click on "Settings".
2. Select "Users".
3. Click User Options >> Add User.
4. Add the new user and their Active Directory details.
5. Using the drop-down list, assign the new view-only user to the read-only Group.


Powered by sagemincer