
V-266079

CAT I (High)

The F5 BIG-IP appliance must be configured to use at least two authentication servers to authenticate administrative users.

Rule ID

SV-266079r1024884_rule

STIG

F5 BIG-IP TMOS NDM Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000366, CCI-000370

Discussion

Centralized management of authentication settings increases the security of remote and nonlocal access methods. This control is a particularly important protection against the insider threat. With robust centralized management, audit records for administrator account access to the organization's network devices can be more readily analyzed for trends and anomalies. The alternative method of defining administrator accounts on each device exposes the device configuration to remote access authentication attacks and leaves system administrators with multiple authenticators for each network device.

Check Content

From the BIG-IP GUI:
RADIUS:
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - RADIUS", verify different Primary and Secondary Hosts exist in the configuration.
Note: To view Primary and Secondary Hosts, the "Server Configuration" must be set to "Primary & Secondary".

TACACS+:
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - TACACS+", verify multiple servers exist in the configuration.
5. Verify "Authentication" is set to "Authenticate to each server until success".

If the BIG-IP appliance is not configured to use at least two authentication servers to authenticate administrative users, this is a finding.
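
The check above, applied to recorded settings for several devices, as an added example that is not DISA or F5 code. The record format is an assumption: one dict per device whose keys copy the GUI labels quoted in the check text, with constructed sample values and hypothetical device names.

```python
# Added example, not DISA or F5 code. The record format is hypothetical: a dict
# per device whose keys copy the GUI labels quoted in the check text.
REQUIRED_TACACS_MODE = "Authenticate to each server until success"

def distinct_hosts(hosts):
    """Trim, case-fold and de-duplicate host entries, dropping blanks."""
    return {h.strip().lower() for h in hosts if h and h.strip()}

def check_v266079(cfg):
    """Return finding strings for one device; an empty list means no finding."""
    directory = cfg.get("User Directory", "")
    findings = []
    if directory == "Remote - RADIUS":
        if cfg.get("Server Configuration") != "Primary & Secondary":
            findings.append("RADIUS: Server Configuration is not 'Primary & Secondary'")
        hosts = distinct_hosts([cfg.get("Primary Host"), cfg.get("Secondary Host")])
        if len(hosts) < 2:
            findings.append("RADIUS: Primary and Secondary Hosts are not different servers")
    elif directory == "Remote - TACACS+":
        if len(distinct_hosts(cfg.get("Servers", []))) < 2:
            findings.append("TACACS+: fewer than two distinct servers configured")
        if cfg.get("Authentication") != REQUIRED_TACACS_MODE:
            findings.append("TACACS+: Authentication does not try each server")
    else:
        # The check text only walks through RADIUS and TACACS+.
        findings.append(f"User Directory {directory!r}: review manually")
    return findings

# Constructed sample records (192.0.2.0/24 is a documentation range).
SAMPLES = {
    "bigip-a": {"User Directory": "Remote - RADIUS",
                "Server Configuration": "Primary & Secondary",
                "Primary Host": "192.0.2.10", "Secondary Host": "192.0.2.11"},
    "bigip-b": {"User Directory": "Remote - RADIUS",
                "Server Configuration": "Primary & Secondary",
                "Primary Host": "192.0.2.10", "Secondary Host": " 192.0.2.10"},
    "bigip-c": {"User Directory": "Remote - TACACS+",
                "Servers": ["192.0.2.20"], "Authentication": "constructed-other-mode"},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, check_v266079(cfg) or "not a finding")
```

The duplicate-host case (bigip-b) is the one a visual review tends to miss: both fields are filled in, but they point at the same server.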

Fix Text

From the BIG-IP GUI:
RADIUS:
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - RADIUS", click "Change" at the bottom.
5. Configure values for Primary and Secondary servers.
Note: To view Primary and Secondary Hosts, the "Server Configuration" must be set to "Primary & Secondary".
6. Click "Finished".

TACACS+:
1. System.
2. Users.
3. Authentication.
4. If "User Directory" is configured for "Remote - TACACS+", click "Change" at the bottom.
5. Add multiple IP Addresses to the "Servers" field.
6. Set "Authentication" to "Authenticate to each server until success".
7. Click "Finished".