Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally manage authentication settings.

An XCCDF Rule

Description

<VulnDiscussion>The use of authentication servers or other centralized management servers for providing centralized authentication services is required for network device management. Maintaining local administrator accounts for daily usage on each network device without centralized management is not scalable or feasible. Without centralized management, it is likely that credentials for some network devices will be forgotten, leading to delays in administration, which itself leads to delays in remediating production problems and in addressing compromises in a timely fashion.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77433r1_rule
Severity: Medium
References: CCI-000366 CCI-000370
Updated: about 1 year ago

Configure RiOS to employ automated mechanisms to centrally manage authentication settings.

Navigate to the device Management Console

Navigate to Configure >> Security >> TACACS+
Click "Add a TACACS+ Server"Set "Hostname or IP Address" to the hostname or IP address of the TACACS+ server
Set "Enabled"
Click "Add"
Click "Set a Global Default Key"
Set the value of "Global Key" to the required value
Set the value of "Confirm Global Key" to the required value
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently

-- or --

Navigate to Configure >> Security >> RADIUS
Click "Add a RADIUS Server"
Set "Hostname or IP Address" to the hostname or IP address of the RADIUS server
Set the value of "Authentication Port" to the appropriate value
Set the value of "Authentication Type" to "CHAP"
Set "Enabled"
Click "Add"
Click "Set a Global Default Key"
Set the value of "Global Key" to the required value
Set the value of "Confirm Global Key" to the required value
Click "Apply"

Navigate to the top of the web page and click "Save" to save these settings permanently

Riverbed Optimization System (RiOS) must employ automated mechanisms to centrally manage authentication settings.

Description

Remediation - Manual Procedure