Details
A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to an incorrect or even a rogue destination. This diverted traffic could be analyzed to learn confidential information about the site’s network, or merely used to disrupt the network’s ability to communicate effectively with other networks.
Solution
Configure authentication for all IGP peers.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Juniper.
References
- 800-53|SC-8(1)
- CAT|II
- Rule-ID|SV-15291r2_rule
- STIG-ID|NET0400
- Vuln-ID|V-3034