The Bromium Enterprise Controller (BEC) must be configured to immediately disconnect or disable remote access to the BEC.

From Bromium Secure Platform 4.x Security Technical Implementation Guide

Part of SRG-APP-000316

Associated with: CCI-002322

SV-95145r1_rule The Bromium Enterprise Controller (BEC) must be configured to immediately disconnect or disable remote access to the BEC.

Vulnerability discussion

Without the ability to immediately disconnect or disable remote access, an attack or other compromise would not be immediately stopped.

Applications must have the capability to immediately disconnect current users remotely accessing the information system and/or disable further remote access. The speed of disconnect or disablement varies based on the criticality of missions/business functions and the need to eliminate immediate or future remote access to organizational information systems.

The remote access application (e.g., VPN client) may implement features, such as automatic disconnect (or user-initiated disconnect) in case of adverse information based on an indicator of compromise or attack.

Check content

Inspect the BEC user settings for a role with no privileges and a group that is tied to that role.

1. From the management console, click on the arrow next to "Settings".
2. Click on "Roles".
3. Identify and select the role that has no privileges assigned to it.
4. Inspect the "Role" settings to ensure that a group has been assigned.

If the BEC is not configured to immediately disconnect or disable remote access to the information system, this is a finding.

Fix text

Disable access for the user account by assigning a role with zero privileges enabled. A role that has zero privileges assigned to it must exist, along with a group that is assigned to the role.

1. From the management console, click on the arrow next to "Settings".
2. Click on "Users".
3. Select the user that has been identified for disabling.
4. Add the user to the group that is associated with the role that carries zero privileges.
5. Delete/remove all other groups for that user.
6. Click "Save".
