Details
When External AAA is used, Login Events should be sent to configured accounting destinations.
Rationale:
To protect any asset, including a Juniper router, you need a record of who logged in or attempted to log in, as well as who changed the configuration and when.
JUNOS can log these events to RADIUS and/or TACACS+ servers to allow reliable, centralized records to be kept for all of the devices in your network.
Solution
Configure Accounting of Logins and Configuration Changes by entering the following commands under the [edit system accounting] hierarchy:
[edit system accounting]
user@host# set events login
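One way to audit this setting offline, as an added example that is not part of the original benchmark text: the script checks saved `show configuration system | display set` output for the login event and an external accounting destination. The function name, the sample configuration and the rule that "external AAA is used" means RADIUS or TACACS+ appears in authentication-order are assumptions made for this example.

```python
EXTERNAL = {"radius", "tacplus"}  # external AAA methods in Junos

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set system authentication-order tacplus
set system authentication-order password
set system accounting events login
set system accounting destination tacplus server 192.0.2.10 secret "$9$placeholder"
"""

def audit_login_accounting(display_set):
    """Check `show configuration system | display set` text against this control."""
    auth_order, events, destinations, inactive = set(), set(), set(), False
    for line in display_set.splitlines():
        # Tolerate the bracketed list form, e.g. `events [ login change-log ]`.
        words = line.replace("[", " ").replace("]", " ").split()
        if words[:3] == ["deactivate", "system", "accounting"] and words[3:] in ([], ["events"]):
            inactive = True  # statement is present but ignored at commit
        elif words[:3] == ["set", "system", "authentication-order"]:
            auth_order.update(words[3:])
        elif words[:4] == ["set", "system", "accounting", "events"]:
            events.update(words[4:])
        elif words[:4] == ["set", "system", "accounting", "destination"]:
            destinations.update(words[4:5])
    # Assumption: "external AAA is used" means RADIUS or TACACS+ is in authentication-order.
    applicable = bool(auth_order & EXTERNAL)
    findings = []
    if applicable:
        if inactive:
            findings.append("system accounting is deactivated")
        if "login" not in events:
            findings.append("login events are not sent to accounting")
        if not destinations & EXTERNAL:
            findings.append("no RADIUS or TACACS+ accounting destination")
    return {"applicable": applicable, "compliant": not findings, "findings": findings}

if __name__ == "__main__":
    print(audit_login_accounting(SAMPLE))
```

A device that authenticates only with local passwords is reported as not applicable rather than as failing.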
Default Value:
External accounting is not configured by default.
Supportive Information
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Juniper.