The A10 Networks ADC must prohibit the use of unencrypted protocols for network access to privileged accounts.

An XCCDF Rule

Description

<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Network devices can accomplish this by making direct function calls to encryption modules or by leveraging operating system encryption capabilities.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-82545r1_rule
Severity: Medium
References: CCI-000197
Updated: about 1 year ago

Configure the device to prohibit the use of Telnet and HTTP for device management.

The following commands enable management access to the device and the use of SSH, HTTPS, Syslog, and SNMP:
enable-management
service ssh https syslog snmp snmp-trap
Disable HTTP on the management interface:
no enable-management service http management

Note: Do not configure any management protocols on any of the other interfaces.

Disable the web server (HTTP for management).
no web-service server

The A10 Networks ADC must prohibit the use of unencrypted protocols for network access to privileged accounts.

Description

Remediation - Manual Procedure