
Ensure NO Plain Text Archive Sites are configured

Details

The router's configuration MUST NOT be sent in plain text to the Archive Site.

Rationale:

JUNOS routers can use a range of protocols for copying configuration files to Archive Sites, including FTP, TFTP, NFS and SCP. Of these, only Secure Copy (SCP) encrypts the data in transit. FTP, TFTP and NFS transfer files in plain text, allowing an attacker to copy the file from the network, exposing sensitive data and possibly authentication information for both the router and the Archive Site.

Solution

Archival is not configured by default. If plain text Archive Sites have been configured, they can be removed by issuing the following command from the [edit system] hierarchy:

[edit system]
user@host# delete archival configuration archive-site

Archive sites should be reconfigured using SCP.
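
An audit check for this control, added here as an example and not part of the benchmark text: it scans `show configuration | display set` output for `archive-sites` entries whose URL scheme is not SCP. The sample configuration, addresses and credentials are constructed, and treating every non-`scp` scheme as non-compliant is an assumption of this example.

```python
import re

# Assumption: only SCP is accepted, matching the remediation on this page.
ALLOWED_SCHEMES = {"scp"}

# Matches: set system archival configuration archive-sites <url> [password ...]
_SITE_RE = re.compile(
    r'^set\s+system\s+archival\s+configuration\s+archive-sites\s+"?([^"\s]+)"?'
)

def redact(url):
    """Mask a password embedded in the URL so findings are safe to log."""
    return re.sub(r'(://[^:/@]+):[^@/]+@', r'\1:***@', url)

def audit_archive_sites(display_set_text):
    """Return (compliant, findings) for `display set` formatted config text."""
    findings = []
    for lineno, line in enumerate(display_set_text.splitlines(), 1):
        m = _SITE_RE.match(line.strip())
        if not m:
            continue
        url = m.group(1)
        scheme = url.split(":", 1)[0].lower() if ":" in url else ""
        if scheme not in ALLOWED_SCHEMES:
            findings.append(
                {"line": lineno, "scheme": scheme or "(none)", "url": redact(url)}
            )
    # No archive-sites at all is compliant: archival is off by default.
    return (not findings, findings)

# Constructed sample input (documentation addresses, made-up credentials).
SAMPLE = """\
set system host-name edge-r1
set system archival configuration transfer-on-commit
set system archival configuration archive-sites "scp://backup@192.0.2.10:/configs" password "$9$constructed"
set system archival configuration archive-sites "ftp://backup:s3cret@192.0.2.20/configs"
set system archival configuration archive-sites tftp://192.0.2.30/configs
"""

if __name__ == "__main__":
    ok, issues = audit_archive_sites(SAMPLE)
    print("PASS" if ok else "FAIL")
    for issue in issues:
        print(f"  line {issue['line']}: {issue['scheme']} -> {issue['url']}")
```
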

Default Value:

Archival is not configured by default.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Contingency Planning. This control applies to the following type of system: Juniper.

Updated on July 16, 2022