IBM Aspera Shares must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
An XCCDF Rule
Description
<VulnDiscussion>Lack of authentication enables anyone to gain access to the network or possibly a network element that provides opportunity for intruders to compromise resources within the network infrastructure. By identifying and authenticating non-organizational users, their access to network resources can be restricted accordingly. IBM Aspera Faspex external users must register for an account and be authenticated before downloading a package. This authentication is conducted by the IBM Aspera Faspex server using password authentication.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-252602r817976_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
To configure Aspera Shares to authenticate all external recipients of Shares packages before they can download packages or files within packages:
- Log in to the IBM Aspera Shares web page as a user with administrative privilege.
- Select the "Admin" tab.
- Scroll down to the "Security" section.
- Select the "User Security" option from the left menu.