Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when local accounts are created.

An XCCDF Rule

Description

<VulnDiscussion>An authorized insider or individual who maliciously creates a local account could gain immediate access from a remote location to privileged information on a critical security device. Sending an alert to the administrators and ISSO when this action occurs greatly reduces the risk that accounts will be surreptitiously created. RiOS can be configured to send an SNMP trap to the SNMP server. It also sends a message to the Syslog and the local log. Either of these methods results in an alert that can be forwarded to authorized accounts.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77337r2_rule
Severity: Medium
References: CCI-001683
Updated: about 1 year ago

Configure RiOS to capture an SNMP trap for user creation events that can be sent to the ISSO and designated administrators by the SNMP server.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> Email

Enter an SMTP Server nameEnter n SMTP Port number
Check "Report Events via Email" and enter at least one email address
Check "Report Failures via Email" and enter at least one email address

Riverbed Optimization System (RiOS) must generate alerts that can be forwarded to the administrators and ISSO when local accounts are created.

Description

Remediation - Manual Procedure