Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-94657 | SYMP-NM-000030 | SV-104487r1_rule | CCI-000213 | high |
| Description | ||||
| It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restricted to only the appropriate networks/subnets in order to reduce the likelihood of unauthorized access. | ||||
| STIG | Date | |||
| Symantec ProxySG NDM Security Technical Implementation Guide | 2019-12-20 | |||
Related Frameworks
4 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-3
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1712 mappings
3.1.1
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.1.2
1.00
- DISA · V1R2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000213
1.00
- DISA · V1R2 · disa_xccdf · related
Details
Check Text (C-104487r1_chk)
Verify console access using the account of last resort has been restricted to specific networks/subnets.
1. Log on to the Web Management Console.
2. Click >> Configuration >> Authentication >> Console Access.
3. Confirm that the correct networks/subnets are specified in the list.
If there are no entries in the list, this is a finding.
Fix Text (F-100775r1_fix)
Configure console access using the account of last resort to specific networks/subnets.
1. Log on to the Web Management Console.
2. Click Configuration >> Authentication >> Console Access.
3. Click "New".
4. Enter the IP address and subnet mask for the desired network and click "OK".
5. Repeat step 4 until all desired networks have been added.
6. Click "Apply".