The DataPower Gateway must not use 0.0.0.0 as the management IP address.

An XCCDF Rule

Details
Profiles

Description

If 0.0.0.0 as the management IP address, the DataPower appliance will listen on all configured interfaces for management traffic. This can allow an attacker to gain privileged-level access from an untrusted network.

ID: SV-79679r1_rule
Version: WSDP-NM-000143
Severity: Medium
References: CCI-001368
Updated: 15 days ago

Remediation Templates

To configure the DataPower appliance for web management:

Using an administrator account, log on to the default domain of the appliance.

On the Configure Web Management Service screen, complete the required information.
Set the Administrative state to “enabled”.

For the Local Address, use the IP address from the management subnet assigned to the unit.

The DataPower Gateway must not use 0.0.0.0 as the management IP address.

Description

Remediation Templates

A Manual Procedure