AMLS-NM-000250 - The Arista Multilayer Switch must reveal error messages only to authorized individuals (ISSO, ISSM, and SA) - ISSO, ISSM, and SA.

Information

Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state. Additionally, sensitive account information must not be revealed through error messages to unauthorized personnel or their designated representatives.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure the network device or its associated audit server to reveal error messages only to authorized individuals.

SNMP is used to fulfill this function. An example SNMP configuration is provided below. To configure SNMP according to site-specific policies and procedures, refer to the Arista Configuration Guide Chapter 37

snmp-server engineID local
snmp-server view snmpview system included
snmp-server group ROgroup v3 priv read snmpview
snmp-server group RWgroup v3 priv write snmpview
snmp-server user disa ROgroup v3
snmp-server user disaRW RWgroup v3
snmp-server host 10.1.1.1 version 3 priv disaRW
snmp-server host 10.2.2.2 version 3 noauth disaRW
snmp-server host 10.3.3.3 version 3 noauth disaRW
snmp-server host 127.0.0.1 version 3 noauth auth
snmp-server host 172.22.29.82 version 3 noauth disaRW
snmp-server enable traps

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Arista_MLS_DCS-7000_Series_Y20M07_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-11, CAT|II, CCI|CCI-001314, Group-ID|V-60859, Rule-ID|SV-75317r1_rule, STIG-ID|AMLS-NM-000250, Vuln-ID|V-60859

Plugin: Arista

Control ID: 6a9bd975e94a364c6668622eeaf727de76bacda879d247f5d7506b5b92bb7a81