The Nokia router must protect audit information from unauthorized modification.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-283766 | NOKI-ND-000260 | SV-283766r1203597_rule | CCI-000163 | medium |
| Description | ||||
| Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit network device activity. If audit data were to become compromised, forensic analysis and discovery of the true source of potentially malicious system activity would be impossible to achieve. To ensure the veracity of audit data, the network device must protect audit information from unauthorized modification. This requirement can be achieved through multiple methods, which will depend on system architecture and design. Some commonly employed methods include ensuring log files receive the proper file system permissions and limiting log data locations. Network devices providing a user interface to audit data will leverage user permissions and roles identifying the user accessing the data, along with the corresponding user rights, to make access decisions regarding the modification of audit data. | ||||
| STIG | Date | |||
| Nokia Service Router OS 25.x Network Device Management Security Technical Implementation Guide | 2026-06-15 | |||
Details
Check Text (C-283766r1203597_chk)
Determine if the Nokia router protects audit information from any type of unauthorized modification with such methods as ensuring log files receive the proper file system permissions, limiting log data locations, and leveraging user permissions and roles to identify the user accessing the data and the corresponding user rights.
Verify the authentication server is configured using the command below:
- show system security authentication
Verify authentication servers are configured with correct user privileges to restrict access to the router file system.
Verify each local user has the correct "profile" assigned, the user is "restricted to home", and the "home directory" is defined:
- show system security user detail
If the Nokia router is not configured with external authentication servers, this is a finding.
Fix Text (F-88236r1203596_fix)
Configure the Nokia router to protect audit information from unauthorized modification by configuring authentication servers and applying correct authorization privileges for each user.
Multiple RADIUS servers can be configured per the configuration below:
- configure system security radius
- accounting
- authorization
- server <radius server ip address>
For local accounts, assign the correct user profile to each user:
- configure system security user <user name> console member <profile name>
Users can also be restricted to the user's home directory. If the home directory for the user is not configured, the user does not have access to any directory:
- configure system security user <user name>
- restricted-to-home
If the user requires a directory, it can be configured using the command below:
- home-directory <directory >