Details

An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use.

If an interface is no longer used, the configuration must be deleted and the interface disabled. For sub-interfaces, delete sub-interfaces that are on inactive interfaces and delete sub-interfaces that are themselves inactive. If the sub-interface is no longer necessary for authorized communications, it must be deleted.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Disable all inactive interfaces as shown below.

[edit interfaces]
set ge-1/1/0 disable

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_Router_Y21M02_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Juniper.

References

• 800-53|AC-4
• CAT|III
• CCI|CCI-001414
• CSCv6|3.1
• Rule-ID|SV-217016r639663_rule
• STIG-ID|JUNI-RT-000060
• STIG-Legacy|SV-101027
• STIG-Legacy|V-90817
• Vuln-ID|V-217016

Source

• Tenable.com/audits