Sub-Requirement 2.3
2.3 Encrypt all non-console administrative access. Use technologies such as SSH, VPN, or SSL/TLS (Transport Layer Security) for web-based management and other non-console administrative access
Illustrative Controls and the TIBCO LogLogic Solution
All remote connections by administrative users must be encrypted to limit the possibility of credentials (e.g., usernames and passwords) being intercepted and captured while traversing the network. Technologies such as SSH (generally port 22/tcp), SSL (generally port 443/tcp) and VPN (SSL or IPsec) are typically used to implement this encryption. Administrators should setup network policy alerts to detect any unauthorized traffic passing through the firewalls.
Reports and Alerts
Use the following link/reference to see the 2.3 reports and alerts: 2.3 on page 96.
Copyright © Cloud Software Group, Inc. All rights reserved.