NET-IPV6-016 – The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing interfaces.

Details

The Internet Control Message Protocol version 6 (ICMPv6) supports IPv6 traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMPv6 messages under a wide variety of conditions. ICMPv6 messages are commonly used by attackers for network mapping and diagnosis: Host unreachable and Redirect.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

The network element configuration must be changed to ensure ICMPv6 unreachables and redirects are disabled at all external interfaces.

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Juniper.

References

800-53|SC-7(12)
CAT|II
Rule-ID|SV-16478r2_rule
STIG-ID|NET-IPV6-016
Vuln-ID|V-14670

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles