Title

The Riverbed NetIM must support organizational requirements to back up the NetIM application and security configuration when changes occur. (Cat II impact)

Discussion

System-level information includes default and customized settings and security attributes, including ACLs that relate to the network device configuration, as well as software required for the execution and operation of the device. Information system backup is a critical step in ensuring system integrity and availability. If the system fails and there is no backup of the system-level information, a denial-of-service condition is possible for all who utilize this critical network component. This control requires the Riverbed NetIM to support the organizational central backup process for system-level information associated with the network device. This function may be provided by the network device itself; however, the preferred best practice is a centralized backup rather than each network device performing discrete backups.

Check Content

Review the system security plan (SSP) to determine the site's network device backup policy. Check the backup log repository identified by the site. Verify regular backups are being performed. If NetIM does not backup the information system documentation, including security-related documentation, when changes occur, this is a finding.

Fix Text

Manually back up the application when changes occur in accordance with the SSP. This requirement normally gives an option for weekly, however since the backup requires the halting of system processes, weekly may not be operationally possible. 1. From the NetIM core/manager node, navigate to <install_dir >, by entering a command similar to the following: cd /data1/riverbed/NetIM/<install_dir > 2. Log in to the shell of each node and run the following command: $ app.sh SAVE_RESTORE export <path to directory for exporting zip file > <path to directory for exporting zip file > = backup repository that is off the NETIM hosts. Note: VM snapshots of each node may be preferred by the site and are an acceptable alternative mitigation.

Additional Identifiers

Rule ID: SV-275462r1147436_rule

Vulnerability ID: V-275462

Group Title: SRG-APP-000516-NDM-000340

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.