Check: HMC0050
IBM Hardware Management Console (HMC) STIG: HMC0050 (in versions v2 r1 through v1 r5)
Title
Automatic Call Answering to the Hardware Management Console must be disabled. (Cat II impact)
Discussion
Automatic Call Answering to the Hardware Management Console allows unrestricted access by unauthorized personnel and could lead to a bypass of security, access to the system, and an altering of the environment. This would result in a loss of secure operations and impact the integrity of the operating environment, files, and programs. Note: Dial-in access to the Hardware Management Console is prohibited. Also, many newer processors (e.g., zEC12/zBC12 processors) will not have modems. If there is no modem, this check is not applicable.
Check Content
Have the System Administrator verify whether either the Enable Remote Operations parameter or the Automatic Call Answering parameter is active on the Enable Hardware Management Console Services panel. Enable Remote Operations is found under Customize Remote Services, and Automatic Call Answering is found under Customize Auto Answer Settings. If either of the above options is active, then this is a FINDING.
Fix Text
The System Administrator must set the dial-in facility to off. Do this by ensuring that both the Enable Remote Operations parameter and the Automatic Call Answering parameter are turned off. As noted in the Check Content, Enable Remote Operations is found under Customize Remote Services and Automatic Call Answering is found under Customize Auto Answer Settings.
Additional Identifiers
Rule ID: SV-256873r958726_rule
Vulnerability ID: V-256873
Group Title: SRG-OS-000324-GPOS-00125
CCIs
Number | Definition |
---|---|
CCI-002227 | Restrict privileged accounts on the system to organization-defined personnel or roles. |
CCI-002235 | Prevent non-privileged users from executing privileged functions. |