The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts.

An XCCDF Rule

Description

A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.

ID: SV-269780r1051725_rule
Version: OS10-NDM-000390
Severity: Medium
References: CCI-001941
Updated: about 2 months ago

Remediation Templates

Configure the OS10 Switch to implement replay-resistant authentication mechanisms for network access to privileged accounts:

OS10(config)# crypto fips enable

WARNING: Upon committing this configuration, the system will regenerate SSH keys. Please consult documentation and toggle FIPS mode only if you know what you are doing!
Continue? [yes/no(default)]:yesOS10(config)#

Disable telnet if it has been enabled:
 OS10(config)# no ip telnet server enable

Enable SSH if it has been disabled:
 OS10(config)# ip ssh server enable

The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts.

Description

Remediation Templates

A Manual Procedure