Check: RIIM-DM-000004
Riverbed NetIM NDM STIG, version v1 r1
Title
The Riverbed NetIM must be configured with only one local account, to be used as the account of last resort in the event the authentication server is unavailable. (Severity: CAT II)
Discussion
Authentication for administrative (privileged-level) access to the device is required at all times. An account can be created in the device's local database for use when the authentication server is down or connectivity between the device and the authentication server is not operable. This account is referred to as the account of last resort: it is intended to be used only when the central authentication server cannot be reached and immediate administrative access is absolutely necessary. Restricting the device to a single such account prevents the local user database from growing into a parallel set of unmanaged credentials that bypass the centralized authentication server.
Check Content
Verify that only the account of last resort, "admin", exists on the device. In the GUI, navigate to Configure >> All Settings >> Administer >> User Management and review the Local Users section. If any local user account other than the account of last resort exists, this is a finding.
Fix Text
Use of the default GUI account "admin" as the account of last resort is strongly recommended. It must have a DOD-compliant password, and that password must be securely stored in a safe for emergency use only, not for day-to-day administration. The "NetIMAdmin" default shell account cannot be changed, but it must be the only user shell account and must also have a DOD-compliant password.

Remove all local GUI accounts other than the default "admin" account:
1. In the GUI, navigate to Configure >> All Settings >> Administer >> User Management.
2. In the Local Users section, click the "X" icon in the Actions column of each additional user's entry.

At the shell level, the NetIMAdmin account must remain the only local login account.
Additional Identifiers
Rule ID: SV-275453r1147409_rule
Vulnerability ID: V-275453
Group Title: SRG-APP-000148-NDM-000346
CCIs
| Number | Definition |
|---|---|
| CCI-001358 | Establish privileged user accounts in accordance with a role-based access scheme; or an attribute-based access scheme. |
| CCI-002111 | The organization identifies and selects the organization-defined information system account types of information system accounts which support organizational missions/business functions. |
Controls
| Number | Title |
|---|---|
| AC-2(7) | Privileged User Accounts |