000030356 - Best practices for running vulnerability scans against RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000030356
Applies To: RSA Product Set: SecurID

RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1
Issue: Prior to running a vulnerability scan with a scanner such as Nessus or Qualys, it is recommended that the following steps be taken:
  1. Ensure that you are running the most recent service pack and patch level available. Service packs and patches are available for download on SecurCare Online. Follow the documentation on how to install software updates; failing to do so can damage the system, for example by breaking replication.
  2. Turn off SSH access to the server through the Operations Console (Administration > Operating System Access). SSH should only be enabled when it is absolutely required for maintenance. If your scanner performs a credentialed scan over SSH, enable SSH only for the duration of the scan and disable it again once the scan completes.
  3. Run the scan as the single existing operating system user. The Authentication Manager server is a hardened appliance designed to have one operating system user (i.e., rsaadmin); do not create additional users on the server. Refer to your scanner's documentation on how to run a scan using the rsaadmin account.
  4. Run the scan and review the results.
For more information on security best practices and system hardening, please refer to the RSA Authentication Manager 8.1 Setup and Configuration Guide.
Tasks: After completing the scan, submit the list of CVEs and CVE descriptions to RSA Support (support@rsa.com).
Submitted vulnerabilities should carry a CVE number where one exists. To help decrease response time, include the raw scan output, the name and version of the scanner used, and a list of the CVEs in CSV format with every field quoted, one CVE per line. For example:

"CVE Number 1","CVE Description 1"
"CVE Number 2","CVE Description 2"
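The following script turns a Nessus v2 export (the .nessus XML file a Nessus scan produces) into the two-column, fully quoted CSV layout shown above, de-duplicating CVEs that are reported against both the primary and a replica and skipping informational findings that carry no CVE. It is an added example and is not code from this article or from RSA; the embedded .nessus sample is constructed for illustration, and its hostnames, plugin IDs, descriptions and CVE-0000-* identifiers are placeholders rather than real findings against Authentication Manager.

```python
"""Extract CVE IDs and descriptions from a Nessus v2 export (.nessus XML)
and write them in the fully quoted two-column CSV layout RSA Support asks for.

Added example, not code from the RSA article or from RSA. The sample below is
constructed: hostnames, plugin IDs, descriptions and CVE-0000-* IDs are
placeholders, not real findings.
"""
from __future__ import annotations

import csv
import io
import re
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 layout: the same finding on the primary
# and a replica (CVE reported twice), one informational item with no CVE, and
# one malformed <cve> value that must not reach the CSV.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="am81-scan">
    <ReportHost name="am81-primary.example.test">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Example TLS finding" pluginFamily="General">
        <description>Example TLS library issue (placeholder).</description>
        <cve>CVE-0000-0001</cve>
        <cve>CVE-0000-0002</cve>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100002" pluginName="Host information" pluginFamily="General">
        <description>Informational only, no CVE.</description>
      </ReportItem>
    </ReportHost>
    <ReportHost name="am81-replica.example.test">
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="100001" pluginName="Example TLS finding" pluginFamily="General">
        <description>Example TLS library issue (placeholder).</description>
        <cve>CVE-0000-0001</cve>
        <cve>not-a-cve</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Well-formed CVE identifier: CVE-<year>-<4 or more digits>.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def extract_cves(nessus_xml: str) -> list[tuple[str, str]]:
    """Return sorted, de-duplicated (cve_id, description) pairs.

    The description is the enclosing ReportItem's <description> text, trimmed.
    When several hosts or plugins report the same CVE, the first description
    encountered is kept. Items without a well-formed CVE are skipped.
    """
    root = ET.fromstring(nessus_xml)
    seen: dict[str, str] = {}
    for item in root.iter("ReportItem"):
        desc_el = item.find("description")
        desc = (desc_el.text or "").strip() if desc_el is not None else ""
        for cve_el in item.findall("cve"):
            cve_id = (cve_el.text or "").strip()
            if CVE_RE.match(cve_id) and cve_id not in seen:
                seen[cve_id] = desc
    return sorted(seen.items())


def to_rsa_csv(pairs: list[tuple[str, str]]) -> str:
    """Render pairs as "CVE","Description" lines with every field quoted,
    so descriptions containing commas or quotes stay intact."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for cve_id, desc in pairs:
        writer.writerow([cve_id, desc])
    return buf.getvalue()


if __name__ == "__main__":
    # With a real export: open("scan.nessus", encoding="utf-8").read()
    print(to_rsa_csv(extract_cves(SAMPLE_NESSUS)), end="")
```

Quoting every field (csv.QUOTE_ALL) matches the layout RSA asks for and keeps descriptions that contain commas from splitting into extra columns. The regex filter enforces the "should have a CVE number" requirement at the point of export; findings without one still belong in the raw scan output you attach, just not in the CSV.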
