1.6 Support Web Access Security - c) version

Information

Provide secure HTTPS webpage access between the local device and users, and a secure transmission channel for users' Web management devices. Avoid interception of intermediate data. If the login page needs to be displayed in the WEB, the login username and password can be used to access the page, meeting the scanning requirements of security tools such as nessus, webinspect, and AWE.

Solution

1. use HTTPS instead of HTTP, SSL must bound PKI profile, the bounded PKI profile needs to import a legal and valid CA certificate
2. TLS(SSL) version is recommended to be greater than TLS v1.2, at least not less than TLS v1.1.
3. TLS algorithm does not contain insecure algorithms, which include: CBC, SHA1, MD5

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: ZTE_ROSNG

Control ID: 236bf4499a752b658855ac33d15e749dcdfb9891c95860a838a95ca288bdde22