Details
Provide secure HTTPS web access between the local device and its users, giving users' Web management devices a secure transmission channel and preventing interception of data in transit. If a login page needs to be displayed in the Web interface, the login username and password can be used to access the page, meeting the scanning requirements of security tools such as Nessus, WebInspect, and AWE.
Solution
1. Use HTTPS instead of HTTP. SSL must be bound to a PKI profile, and the bound PKI profile must import a legal and valid CA certificate.
2. The recommended TLS (SSL) version is greater than TLS v1.2; at a minimum, it must not be lower than TLS v1.1.
3. The TLS algorithms must not include insecure algorithms, which include: CBC, SHA1, MD5.
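One way to verify the three requirements above from a management workstation, as an added example that is not part of the original control or of ZTE's tooling. It reads "greater than TLS v1.2" literally, so TLS v1.2 itself gets a warning; the names `check_tls` and `probe` are hypothetical, and cipher names are assumed to be in OpenSSL or IANA form.

```python
import re
import socket
import ssl

AEAD = {"GCM", "CCM", "CCM8", "CHACHA20", "POLY1305"}
NOT_BLOCK = {"RC4", "NULL"}  # stream cipher / no encryption, so not CBC

def check_tls(version, cipher):
    """Return the findings for one negotiated (version, cipher) pair."""
    findings = []
    m = re.fullmatch(r"TLSv(\d)(?:\.(\d))?", version)
    ver = (int(m.group(1)), int(m.group(2) or 0)) if m else (0, 0)
    if ver < (1, 1):
        findings.append(f"FAIL: {version} is below the TLS v1.1 floor")
    elif ver <= (1, 2):
        findings.append(f"WARN: {version} is not greater than TLS v1.2")
    tokens = [t for t in re.split(r"[-_]", cipher.upper()) if t]
    # OpenSSL names omit "CBC" (ECDHE-RSA-AES128-SHA is a CBC suite), so a
    # suite with no AEAD or stream token is classified as CBC.
    if "CBC" in tokens or not (AEAD | NOT_BLOCK) & set(tokens):
        findings.append(f"FAIL: {cipher} uses CBC mode")
    # A trailing SHA/SHA1 token is the SHA1 MAC; SHA256/SHA384 are not.
    if tokens and tokens[-1] in ("SHA", "SHA1"):
        findings.append(f"FAIL: {cipher} uses SHA1")
    if "MD5" in tokens:
        findings.append(f"FAIL: {cipher} uses MD5")
    return findings

def probe(host, port=443, timeout=5):
    """Handshake with CA and hostname verification on, then check the result.
    An ssl.SSLCertVerificationError here means the certificate is not valid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_tls(tls.version(), tls.cipher()[0])

# Constructed sample results, not captured from a real device.
SAMPLES = [
    ("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA"),
    ("TLSv1", "RC4-MD5"),
]

if __name__ == "__main__":
    for version, cipher in SAMPLES:
        print(version, cipher, check_tls(version, cipher) or "OK")
```

A single handshake reports only the suite that was negotiated, so a full list of what the device accepts still has to come from a scanner such as those named in the Details.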
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: ZTE_ROSNG.