V-251236
Redis Enterprise 6.x Security Technical Implementation Guide
Title
Access to the Redis Enterprise control plane must be restricted.
Description
<VulnDiscussion>If administrative functionality or information regarding DBMS management is presented on an interface available for users, information on DBMS settings may be inadvertently made available to the user. The Redis administrative control plane helps facilitate configuration and application integrations with the database. Exposing the control plane application to any network interface that is available to non-administrative personnel leaves the server vulnerable to attempts to access...
Fix Text (Documentation Requirement)
Configure a management network defined through physical or logical means to achieve network separation. Update system documentation (SSP) and identify the documented management networks as well as the documented client networks. Configure the administrative control plane to only be accessible via the management network. Alternatively, ensure a firewall rule is enabled on the network layer and the administrative control plane is only available through trusted and approved IPs. Use firewalld (the host-based firewall service) on the server to set up a whitelist of IPs that it will accept to use the control plane and REST API ports. The defaults for these are 8443 and 9443. Below is an example: firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<Trusted IP address>"...
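The following POSIX shell audit helper is an added example, not part of the STIG or of Redis Enterprise tooling: it takes captured `firewall-cmd --list-rich-rules` and `firewall-cmd --list-ports` output and reports whether ports 8443 and 9443 accept traffic only from a trusted IP list. The trusted addresses and the sample rule text are constructed assumptions.

```shell
#!/bin/sh
# Audit helper for V-251236 (added example, not STIG-provided).
# Parses captured firewalld output and checks that the control plane
# ports (8443, 9443) accept connections only from trusted sources.

# classify_accepts PORT "TRUSTED_IPS" "RICH_RULES"
# Prints "<trusted accepts> <untrusted or unrestricted accepts>" for PORT.
classify_accepts() {
  printf '%s\n' "$3" | awk -v port="$1" -v trusted="$2" '
    /accept/ && index($0, "port port=\"" port "\"") {
      src = ""                             # no source address = any host
      if (match($0, /source address="[^"]*"/))
        src = substr($0, RSTART + 16, RLENGTH - 17)
      n = split(trusted, t, " "); ok = 0
      for (i = 1; i <= n; i++) if (t[i] == src) ok = 1
      if (ok) good++; else bad++
    }
    END { print good + 0, bad + 0 }'
}

# audit_control_plane "TRUSTED_IPS" "RICH_RULES" "OPEN_PORTS"
# Returns 0 when both ports are reachable only from TRUSTED_IPS, else 1.
audit_control_plane() {
  trusted=$1; rich=$2; open_ports=$3; status=0
  for port in 8443 9443; do
    # A plain --add-port entry has no source restriction at all.
    case " $open_ports " in
      *" $port/tcp "*) echo "FAIL $port: open to all sources via --add-port"
                       status=1; continue ;;
    esac
    set -- $(classify_accepts "$port" "$trusted" "$rich")
    if [ "$2" -gt 0 ]; then
      echo "FAIL $port: $2 accept rule(s) from untrusted/unrestricted sources"; status=1
    elif [ "$1" -eq 0 ]; then
      echo "WARN $port: no trusted accept rule; confirm the zone drops it by default"
    else
      echo "PASS $port: reachable only from trusted sources"
    fi
  done
  return $status
}

# Constructed sample data standing in for live firewall-cmd output.
TRUSTED="10.20.0.5 10.20.0.6"
RICH_OK='rule family="ipv4" source address="10.20.0.5" port port="8443" protocol="tcp" accept
rule family="ipv4" source address="10.20.0.5" port port="9443" protocol="tcp" accept'
RICH_BAD="$RICH_OK
rule family=\"ipv4\" port port=\"9443\" protocol=\"tcp\" accept"

if audit_control_plane "$TRUSTED" "$RICH_OK" ""; then echo compliant; fi
if ! audit_control_plane "$TRUSTED" "$RICH_BAD" "8443/tcp"; then echo non-compliant; fi
```

On a live host, feed it `"$(firewall-cmd --list-rich-rules)"` and `"$(firewall-cmd --list-ports)"` for the zone bound to the management interface.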