Check: NET1300
Network - Firewall:
NET1300
(in versions v8 r25 through v8 r21)
Title
Administrator logons, changes to the administrator group, and account lockouts must be logged. (Cat III impact)
Discussion
The network device and the associated logging functions allows for forensic investigations if properly configured and protected. The administrators account is the most sought after account so extra protection must be taken to protect this account and log its activity.
Check Content
Review the device configuration to determine if all administrative actions are being logged. If administrative actions are not being logged, this is a finding.
Fix Text
Configure the network device to log all administrative actions performed on the device.
Additional Identifiers
Rule ID:
Vulnerability ID: V-3178
Group Title:
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| No CCIs are assigned to this check |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| No controls are assigned to this check |