The F5 BIG-IP appliance must be configured to use at least two authentication servers to authenticate administrative users.

An XCCDF Rule

Description

<VulnDiscussion>Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important protection against the insider threat. With robust centralized management, audit records for administrator account access to the organization's network devices can be more readily analyzed for trends and anomalies. The alternative method of defining administrator accounts on each device exposes the device configuration to remote access authentication attacks and system administrators with multiple authenticators for each network device.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-266079r1024884_rule
Severity: High
References: CCI-000366 CCI-000370
Updated: 16 days ago

From the BIG-IP GUI:
RADIUS:
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - RADIUS", click "Change" at the bottom.5. Configure values for Primary and Secondary servers.
Note: To view Primary and Secondary Hosts, the "Server Configuration" must be set to "Primary & Secondary".
6. Click "Finished".

TACACS+
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - TACACS+", click "Change" at the bottom
5. Add multiple IP Addresses to the "Servers" field.
6. Set "Authentication" to "Authenticate to each server until success".
7. Click "Finished".

The F5 BIG-IP appliance must be configured to use at least two authentication servers to authenticate administrative users.

Description

Remediation - Manual Procedure