1.6 Support Web Access Security - a) ciphersuite

Information

Provide secure HTTPS webpage access between the local device and users, and a secure transmission channel for users' Web management devices. Avoid interception of intermediate data. If the login page needs to be displayed in the WEB, the login username and password can be used to access the page, meeting the scanning requirements of security tools such as nessus, webinspect, and AWE.

Either ciphersuite or web secure-server ssl-context has not been configured.

Note: Check on ciphersuite was not carried out.

Solution

1. use HTTPS instead of HTTP, SSL must bound PKI profile, the bounded PKI profile needs to import a legal and valid CA certificate
2. TLS(SSL) version is recommended to be greater than TLS v1.2, at least not less than TLS v1.1.
3. TLS algorithm does not contain insecure algorithms, which include: CBC, SHA1, MD5

See Also

https://support.zte.com.cn/support/doccenter/DocumentProductHandBookDetail.aspx?sid=102&id=30768582&type=docfeedback

Item Details

Audit Name: Tenable ZTE ROSNG

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: ZTE_ROSNG

Control ID: 7323a465b6742530a879cdc1a2c254058995e1bc59019dc017bd845ca95434e8