Title

(U) The Host Intrusion Prevention System (HIPS) Admin password for the User Interface (UI) is known and protected. (Cat I impact)

Discussion

Check Content

(U) This is a manual procedure to ensure that the admin password is known (and accessible) by the trusted ePO administrator and is protected. The password will be written down, put into a sealed envelope, and stored in an approved safe. The envelope will contain the last access date along with those authorized to use it. Not having access to the password can cause a denial of service on the client machine if the HIPS machine inadvertently blocks ‘good’ applications. A way to unlock the interface needs to not rely on a single point of failure (that is, a single SA). To determine the finding status, ask the SA what procedure is used for accessing the UI via a password. A procedure should exist where the SA can gain access to an approved safe, and then access the password. Due to the importance of this password, having the SA know the password does not meet the finding criteria and should be considered a finding. If the password is not stored in an approved safe, this is a finding. (The password does not need to be divulged during the review – the requirement is to ensure that it is known and protected.)

Fix Text

(U) Assign a known password for the Admin interface and protect it.

Additional Identifiers

Rule ID: SV-15152r2_rule

Vulnerability ID: V-14534

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.