The network element must only allow management connections for administrative access using FIPS 140-2 validated encryption algorithms or protocols.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3069 | NET1638 | SV-3069r2_rule | ECSC-1 | Medium |
| Description |
|---|
| Remote administration using non-FIPS 140-2 validated encryption is inherently dangerous because anyone with a sniffer and access to the right LAN segment can acquire the device's account and password information. With this intercepted information they could gain access to the device and cause denial of service attacks, intercept sensitive information, or perform other destructive actions. |
| STIG | Date |
|---|---|
| Free Space Optics Device Security Technical Implementation Guide (STIG) | 2013-03-14 |
Details
| Check Text ( C-3532r5_chk ) |
|---|
| Review the configuration to determine if FIPS 140-2 validated encryption algorithms such as AES or protocols such as SSH and SSL/TLS are used for management connections. |
| Fix Text (F-3094r4_fix) |
|---|
| Configure the network element to only allow management connections for administrative access using FIPS 140-2 validated encryption algorithms or protocols. |