Riverbed Optimization System (RiOS) must implement replay-resistant authentication mechanisms for network access to privileged accounts.

An XCCDF Rule

Description

A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack. An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.

ID: SV-77443r1_rule
Version: RICX-DM-000106
Severity: Medium
References: CCI-001941
Updated: 26 days ago

Remediation Templates

Configure RiOS to implement replay resistant authentication mechanisms for network access to privileged accounts.

Navigate to the device CLI
Type: enable
Type: conf t
Type: no web http enableType: web https enable
Type: no web ssl protocol sslv3
Type: no web ssl protocol tlsv1
Type: web ssl protocol tlsv1.1
Type: web ssl protocol tlsv1.2
Type: write memory
Type: exit
Type: exit

Riverbed Optimization System (RiOS) must implement replay-resistant authentication mechanisms for network access to privileged accounts.

Description

Remediation Templates

A Manual Procedure