Symantec ProxySG NDM Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Symantec ProxySG must be configured with only one local account that is used as the account of last resort.
<VulnDiscussion>Authentication for administrative (privileged level) access to the device is required at all times. An account can be created...Rule Medium Severity -
SRG-APP-000033-NDM-000212
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce user authorization to implement least privilege.
<VulnDiscussion>To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DoD-ap...Rule High Severity -
SRG-APP-000033-NDM-000212
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.
<VulnDiscussion>It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restrict...Rule High Severity -
SRG-APP-000038-NDM-000213
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce assigned privilege levels for approved administrators when accessing the management console, SSH, and the command line interface (CLI).
<VulnDiscussion>A mechanism to detect and prevent unauthorized communication flow must be configured or provided as part of the system design...Rule Medium Severity -
SRG-APP-000065-NDM-000214
<GroupDescription></GroupDescription>Group -
Symantec ProxySG must be configured to enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period.
<VulnDiscussion>By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise...Rule Medium Severity -
Symantec ProxySG must be configured to support centralized management and configuration of the audit log.
<VulnDiscussion>Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and corre...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.