Detections
Analytics
OS10-NDM-000390 - The Dell OS10 Switch must implement replay-resistant authentication mechanisms for network access to privileged accounts.
Information
A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be vulnerable to a replay attack.An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators.
Solution
Configure the OS10 Switch to implement replay-resistant authentication mechanisms for network access to privileged accounts:OS10(config)# crypto fips enable
WARNING: Upon committing this configuration, the system will regenerate SSH keys. Please consult documentation and toggle FIPS mode only if you know what you are doing!
Continue? [yes/no(default)]:yes
OS10(config)#
Disable telnet if it has been enabled:
OS10(config)# no ip telnet server enable
Enable SSH if it has been disabled:
OS10(config)# ip ssh server enable
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Dell_OS10_Switch_Y24M12_STIG.zip
Item Details
Audit Name: DISA Dell OS10 Switch NDM STIG v1r1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-2(8), CAT|II, CCI|CCI-001941, Rule-ID|SV-269780r1051725_rule, STIG-ID|OS10-NDM-000390, Vuln-ID|V-269780
Plugin: Dell_OS10
Control ID: 0ca23512cbee103b70e08098701fcec3a2e949a26d875ec176d35e2a8116a8cc