Check: ASP4-TS-020180
IBM Aspera Platform 4.2 STIG:
ASP4-TS-020180
(in versions v1 r2 through v1 r1)
Title
The IBM Aspera High-Speed Transfer Server must enable the use of dynamic token encryption keys. (Cat II impact)
Discussion
Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. The dynamic token encryption key is used for encrypting authorization tokens dynamically for improved security and time-limited validity which limits the chances of a key becoming compromised. NOTE: A dynamic token encryption key can be set for an individual user or a system group. Satisfies: SRG-NET-000062-ALG-000011, SRG-NET-000400-ALG-000097
Check Content
Verify the Aspera High-Speed Transfer Server enables the use of dynamic token encryption keys with the following command: $ sudo /opt/aspera/bin/asuserdata -a | grep dynamic token_dynamic_key: "true" If the "dynamic_key" setting is not set to "true", this is a finding.
Fix Text
Configure the Aspera High-Speed Transfer Server to enable the use of dynamic token encryption keys with the following command: $ sudo asconfigurator -x "set_node_data; token_dynamic_key,true" Restart the IBM Aspera Node service to activate the changes. $ sudo systemctl restart asperanoded.service
Additional Identifiers
Rule ID: SV-252634r818072_rule
Vulnerability ID: V-252634
Group Title: SRG-NET-000062-ALG-000011
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000068 |
The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions. |
CCI-000197 |
The information system, for password-based authentication, transmits only cryptographically-protected passwords. |