Ensure RIP authentication is set to MD5

Details

RIP Neighbors should be authenticated.

Rationale:

Where it is deployed, RIP routing is vital for normal operation of an organization’s network infrastructure. Correct route information is required for routers to correctly direct traffic through the network. An attacker posing as one of the target router's RIP neighbors may inject incorrect information into the route table, resulting in a DoS attack or loss of confidential data through a Man in the Middle attack.

On Juniper routers (as well as routers from other manufacturers such as Cisco or Brocade) it is possible to authenticate neighbors using an MD5 digest of elements in the update. RIP authentication is defined in RFC 2082.

Solution

If you have deployed RIP in your network, you should use MD5 authentication for all neighbors. To configure authentication, enter the following commands from the [edit protocols rip] hierarchy:

[edit protocols rip]
user@host# set authentication-type md5
user@host# set authentication-key <key>
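To check the setting on a running device, the following added example (not part of the original benchmark) audits the output of `show configuration protocols rip | display set` and reports each neighbor whose effective authentication is not MD5 with a key. The function name and the sample configuration are constructed for illustration, and the script assumes that statements on a neighbor override those at [edit protocols rip].

```python
# Added example: audits Junos "display set" output for RIP MD5 authentication.
# Assumption: statements on a neighbor override those at [edit protocols rip].

# Constructed sample; the key strings are placeholders, not real secrets.
SAMPLE = """\
set protocols rip authentication-type md5
set protocols rip authentication-key "$9$CONSTRUCTED-PLACEHOLDER"
set protocols rip group core neighbor ge-0/0/0.0
set protocols rip group core neighbor ge-0/0/1.0 authentication-type simple
set protocols rip group core neighbor ge-0/0/1.0 authentication-key "$9$CONSTRUCTED-PLACEHOLDER"
set protocols rip group edge neighbor ge-0/0/2.0 authentication-type none
"""

AUTH_STATEMENTS = ("authentication-type", "authentication-key")


def audit_rip_auth(display_set):
    """Return {"group/neighbor": [problems]}; an empty list means compliant."""
    global_cfg, neighbors = {}, {}
    for line in display_set.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "protocols", "rip"]:
            continue
        rest, scope = tok[3:], global_cfg
        # "group <name> neighbor <name> ..." selects a per-neighbor scope.
        if len(rest) >= 4 and rest[0] == "group" and rest[2] == "neighbor":
            scope = neighbors.setdefault((rest[1], rest[3]), {})
            rest = rest[4:]
        if len(rest) >= 2 and rest[0] in AUTH_STATEMENTS:
            scope[rest[0]] = rest[1]

    report = {}
    for (group, nbr), local in sorted(neighbors.items()):
        effective = {**global_cfg, **local}  # neighbor values win
        problems = []
        auth_type = effective.get("authentication-type", "none")
        if auth_type != "md5":
            problems.append(f"authentication-type is {auth_type}, expected md5")
        if "authentication-key" not in effective:
            problems.append("no authentication-key configured")
        report[f"{group}/{nbr}"] = problems
    return report


if __name__ == "__main__":
    for neighbor, problems in audit_rip_auth(SAMPLE).items():
        print(neighbor, "OK" if not problems else "FAIL: " + "; ".join(problems))
```

A neighbor that inherits MD5 and the key from the global level passes, while a neighbor that overrides the type to simple or none is reported even though the global setting is correct.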

Default Value:

No RIP routing is configured by default.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. This control applies to the following type of system: Juniper.

Updated on July 16, 2022