Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur.

An XCCDF Rule

Description

<VulnDiscussion>By immediately displaying an alarm message, potential security violations can be identified more quickly even when administrators are not logged into the network device. An example of a mechanism to facilitate this would be through the utilization of SNMP traps.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77483r1_rule
Severity: Medium
References: CCI-000366 CCI-001274
Updated: about 1 year ago

Configure RiOS to use automated mechanisms to alert security personnel to threats identified by authoritative sources.

Navigate to the device Management Console
Navigate to Configure >> System Settings >> SNMP Basic
Click "Add a New Trap Receiver"
Set "Receiver IP Address" to the address of the trap receiverSet "Destination Port:" to the port that the Trap Receiver is listening on
Set "Receiver Type:" to "v3"
Set "Remote User:" to the user name on the Trap Receiver
Set "Authentication:" to <Supply a key based>
Set "Authentication Protocol:" to "SHA" 
SHA Key: <enter the SHA key>
Set "Security Level:" to "Auth/Priv"
Set "Privacy Protocol:" to "AES"
Set "Privacy:" to Select "same as Authentication Key"
Set "Enable Receiver"
Click "Add"

Navigate to the top of the web page and click "Save" to save these settings permanently

Riverbed Optimization System (RiOS) must generate an alert that can be sent to security personnel when threats identified by authoritative sources (e.g., CTOs) and IAW with CJCSM 6510.01B occur.

Description

Remediation - Manual Procedure