Check: WSDP-NM-000143
IBM DataPower Network Device Management STIG: WSDP-NM-000143
(in versions v1 r2 through v1 r1)
Title
The DataPower Gateway must not use 0.0.0.0 as the management IP address. (Cat II impact)
Discussion
If 0.0.0.0 is used as the management IP address, the DataPower appliance will listen on all configured interfaces for management traffic. This can allow an attacker to gain privileged-level access from an untrusted network.
Check Content
Using an administrator account, log on to the default domain of the appliance. Navigate to Network >> Management >> Web Management Service. View the Local Address field; if the value is “0.0.0.0”, this is a finding.
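The same check applied to a saved text copy of the configuration, as an added example that is not part of the STIG or of IBM tooling. The stanza name `web-mgmt`, the `local-address` key, the `exit` terminator and the quoting style are assumptions about the export layout, and the sample configuration is constructed.

```python
import re

# Constructed sample export; stanza names, keys and layout are assumptions.
SAMPLE_CONFIG = """\
web-mgmt
  admin-state "enabled"
  local-address "0.0.0.0" "9090"
exit

other-service
  local-address "0.0.0.0" "8080"
exit
"""

WILDCARD = "0.0.0.0"  # the value the check content treats as a finding

def parse_stanzas(text):
    """Return {stanza_name: {key: [values]}} for stanzas closed by 'exit'."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if current is None:
            current = stanzas.setdefault(line.split()[0], {})
        elif line == "exit":
            current = None
        else:
            # Tokens may be quoted or bare; strip quotes from the values.
            key, *values = re.findall(r'"[^"]*"|\S+', line)
            current[key] = [v.strip('"') for v in values]
    return stanzas

def check_web_mgmt(text):
    """Evaluate WSDP-NM-000143 against the Web Management Service stanza only."""
    svc = parse_stanzas(text).get("web-mgmt")
    if svc is None:
        return ("not_reviewed", "no web-mgmt stanza in export")
    addr = (svc.get("local-address") or [""])[0]
    if addr == WILDCARD:
        return ("finding", "Local Address is 0.0.0.0 (listens on all interfaces)")
    if not addr:
        return ("not_reviewed", "Local Address not present; verify in the WebGUI")
    return ("not_a_finding", f"Local Address is {addr}")

if __name__ == "__main__":
    print(check_web_mgmt(SAMPLE_CONFIG))
```

A `not_reviewed` result means the export did not contain the field, so the Local Address still has to be confirmed in the Web Management Service screen.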
Fix Text
To configure the DataPower appliance for web management: Using an administrator account, log on to the default domain of the appliance. On the Configure Web Management Service screen, complete the required information. Set the Administrative state to “enabled”. For the Local Address, use the IP address from the management subnet assigned to the unit.
Additional Identifiers
Rule ID: SV-79679r1_rule
Vulnerability ID: V-65189
Group Title: SRG-APP-000038-NDM-000213
CCIs
Number | Definition |
---|---|
CCI-001368 | The information system enforces approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |