Accounts for device management must be configured on the authentication server and not the network device itself, except for the account of last resort.

An XCCDF Rule

Description

<VulnDiscussion>Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is particularly important protection against the insider threat. With robust centralized management, audit records for administrator account access to the organization's network devices can be more readily analyzed for trends and anomalies. The alternative method of defining administrator accounts on each device exposes the device configuration to remote access authentication attacks and system administrators with multiple authenticators for each network device.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-91717r1_rule
Severity: Medium
References: CCI-000366 CCI-000370
Updated: about 1 year ago

Navigate to Settings >> Initial Configuration >> Authentication.

Enter the correct LDAP server entry.

Press the button for "LDAP Based Authentication" so that it is enabled.
If necessary, press the "Disabled" button for "Native takes precedence".

Press the "Commit" button.

Accounts for device management must be configured on the authentication server and not the network device itself, except for the account of last resort.

Description

Remediation - Manual Procedure