2.2 Ensure redundant remote authentication servers are configured

Information

Having multiple points of authentication is important in the event that the primary remote authentication source goes down.

Rationale:

To make sure the redundant Radius servers are configured

Impact:

Having a single Authentication server reduce the availability for systems operators and admins to perform their tasks and support when the Radius server is down

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

1-Log in to the Configuration utility using the administrator account.

2-Navigate to System > Users > Authentication.

3-In the Authentication section, click Change.

4-Select Remote - RADIUS from the User Directory drop-down menu.

5-Define the RADIUS server configuration settings, including the port and shared secret settings:

6-For 'Service Type': select 'Authentication Only'

7-This should be completed for Primary RADIUS server as well as for Secondary RADIUS server.

8-Click Finished.

See Also

https://workbench.cisecurity.org/files/3587

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(1), CSCv7|5.1

Plugin: F5

Control ID: 9d06f997eca3ed623c8b042b5c0ff6cad8bbbbf5361d41e6665b076324cd8f4d