For nonlocal maintenance sessions, the Juniper SRX Services Gateway must explicitly deny the use of J-Web.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-223237 | JUSX-DM-000167 | SV-223237r1043177_rule | High |
| Description |
| If unsecured functions (lacking FIPS-validated cryptographic mechanisms) are used for management sessions, the contents of those sessions are susceptible to manipulation, potentially allowing alteration and hijacking. J-Web (configured using the system services web-management option) does not meet the DoD requirement for management tools. It also does not work with all Juniper SRX hardware. By default, the web interface is disabled; however, it is easily enabled. |
| STIG | Date |
| Juniper SRX Services Gateway NDM Security Technical Implementation Guide | 2024-12-20 |
Details
| Check Text (C-24910r513398_chk) |
| Verify web-management is not enabled. [edit] show system services web-management If a stanza exists that configures web-management service options, this is a finding. |
| Fix Text (F-24898r513399_fix) |
| Remove the web-management service. [edit] delete system services web-management |