RFC 3871 Operational Security Requirements September 2004
Justification.
This requirement is intended to prevent unauthorized management
access. Requiring the operator to explicitly configure passwords
will tend to have the effect of ensuring a diversity of passwords.
It also shifts the responsibility for password selection to the
user.
Examples.
Assume that a device comes with a console port for management and a
default administrative account. This requirement together with No
Default Passwords says that the administrative account should come
with no password configured. One way of meeting this requirement
would be to have the device require the operator to choose a
password for the administrative account as part of a dialog the
first time the device is configured.
Warnings.
While this device requires operators to set passwords, it does not
prevent them from doing things such as using scripts to configure
hundreds of devices with the same easily guessed passwords.
2.12.11. Ability to Define Privilege Levels
Requirement.
It MUST be possible to define arbitrary subsets of all management
and configuration functions and assign them to groups or
"privilege levels", which can be assigned to users per Section
2.12.12. There MUST be at least three possible privilege levels.
Justification.
This requirement supports the implementation of the principle of
"least privilege", which states that an individual should only
have the privileges necessary to execute the operations he/she is
required to perform.
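Added illustration (not part of the RFC text): a minimal deny-by-default model in which privilege levels are arbitrary subsets of a device's management functions and users are assigned to levels. The function identifiers, level names and user names are constructed for this example.

```python
# Added example; all function, level and user names below are constructed.
FUNCTIONS = frozenset({
    "session.ppp", "session.telnet",
    "config.read", "stats.read",
    "interface.update", "routing.update", "users.update",
})


class PrivilegeModel:
    def __init__(self, functions):
        self.functions = frozenset(functions)
        self.levels = {}  # level name -> frozenset of permitted functions
        self.users = {}   # user name -> level name

    def define_level(self, name, allowed):
        """Define a level as any subset of the device's functions."""
        allowed = frozenset(allowed)
        unknown = allowed - self.functions
        if unknown:
            # A level may only reference functions the device actually has.
            raise ValueError(f"unknown functions: {sorted(unknown)}")
        self.levels[name] = allowed

    def assign(self, user, level):
        """Assign a user to an already defined level."""
        if level not in self.levels:
            raise KeyError(f"undefined privilege level: {level}")
        self.users[user] = level

    def authorize(self, user, function):
        """Deny by default: unknown users and unlisted functions are refused."""
        level = self.users.get(user)
        return function in self.levels.get(level, frozenset())


def build_example():
    m = PrivilegeModel(FUNCTIONS)
    m.define_level("user", {"session.ppp", "session.telnet"})
    m.define_level("read-only", {"config.read", "stats.read"})
    # An operator-chosen subset: read access plus one class of update.
    m.define_level("operator", {"config.read", "stats.read", "interface.update"})
    m.define_level("administrator", FUNCTIONS)
    m.assign("alice", "operator")
    m.assign("bob", "read-only")
    return m
```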
Examples.
Examples of privilege levels might include "user" which only
allows the initiation of a PPP or telnet session, "read only",
which allows read only access to device configuration and
operational statistics, "root/superuser/administrator" which
allows update access to all configurable parameters, and
"operator" which allows updates to a limited, user defined set of
Jones Informational [Page 61]