V-250335
IBM WebSphere Liberty Server Security Technical Implementation Guide
Title
Multifactor authentication for network access to privileged accounts must be used.
Description
Multifactor authentication creates a layered defense and makes it more difficult for an unauthorized person to access the application server. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Unlike a simple username/password scenario where the attacker could gain access by knowing both the username and password without the user knowing his account was compromised, multifactor authentic...
Fix Text (Documentation Requirement)
Refer to IBM documentation on how to configure TLS and client based certificate authentication for additional configuration details. The following is a summary list of items needed to configure the system for certificate based authentication. Production systems and installations will vary.

The application’s web.xml file must be configured to use client certs. EXAMPLE:

    <login-config>
      <auth-method>CLIENT-CERT</auth-method>
    </login-config>

The server.xml features must be configured to use transportSecurity and an ldap configuration.

    <featureManager>
      <feature>appSecurity-2.0</feature>
      <feature>ldapRegistry-3.0</feature>
      <feature>transportSecurity-1.0</feature>
    </featureManager>

The server.xml TLS and LDAP settings must be configured. The following is an EXAMPLE only. "Default" verbi...
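
The following Python check is an added example, not part of the STIG or IBM's documentation. It verifies the two settings summarized above: the CLIENT-CERT auth-method in web.xml and the three listed features in server.xml. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Feature names exactly as listed in the Fix Text above.
REQUIRED_FEATURES = ("appSecurity-2.0", "ldapRegistry-3.0", "transportSecurity-1.0")

def _local(tag):
    """Drop an XML namespace prefix so web.xml matches with or without an xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_web_xml(text):
    """Return findings if <login-config><auth-method> is not CLIENT-CERT."""
    methods = [(am.text or "").strip()
               for lc in ET.fromstring(text).iter() if _local(lc.tag) == "login-config"
               for am in lc if _local(am.tag) == "auth-method"]
    if not methods:
        return ["web.xml: no <login-config>/<auth-method> declared"]
    return [f"web.xml: auth-method is {m}, expected CLIENT-CERT"
            for m in methods if m != "CLIENT-CERT"]

def check_server_xml(text):
    """Return one finding per required feature missing from <featureManager>."""
    # Names are compared case-insensitively here (an assumption of this example).
    enabled = {(f.text or "").strip().casefold()
               for fm in ET.fromstring(text).iter("featureManager")
               for f in fm.iter("feature")}
    return [f"server.xml: feature {name} is not enabled"
            for name in REQUIRED_FEATURES if name.casefold() not in enabled]

# Constructed sample inputs (not taken from a real deployment).
WEB_FORM = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <login-config><auth-method>FORM</auth-method></login-config>
</web-app>"""
WEB_CERT = "<web-app><login-config><auth-method>CLIENT-CERT</auth-method></login-config></web-app>"
SERVER_PARTIAL = """<server>
  <featureManager>
    <feature>appSecurity-2.0</feature>
    <feature>ldapRegistry-3.0</feature>
  </featureManager>
</server>"""

if __name__ == "__main__":
    for finding in check_web_xml(WEB_FORM) + check_server_xml(SERVER_PARTIAL):
        print(finding)
```

The feature check matches the exact versions listed above, so a server that enables a different version of the same feature is reported and needs manual review.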