SYMP-NM-000030 - Symantec ProxySG must configure Web Management Console access restrictions to authorized IP address/ranges.

Information

It is important that administrative access (SSH, web) to an appliance using the account of last resort be able to be restricted to only the appropriate networks/subnets in order to reduce the likelihood of unauthorized access.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure console access using the account of last resort to specific networks/subnets.

1. Log on to the Web Management Console.
2. Click Configuration >> Authentication >> Console Access.
3. Click 'New'.
4. Enter the IP address and subnet mask for the desired network and click 'OK'.
5. Repeat step 4 until all desired networks have been added.
6. Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SYM_ProxySG_Y20M04_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CAT|I, CCI|CCI-000213, Rule-ID|SV-104487r1_rule, STIG-ID|SYMP-NM-000030, Vuln-ID|V-94657

Plugin: BlueCoat

Control ID: df26070ae97ef165c4074ae60da66be8a730d0e05ad542357e3f1bfddf7c3ccb