Details

Enable Open Shortest Path First (OSPF) Message Digest 5 (MD5) authentication.

Rationale:

This is part of the OSPF authentication setup

Impact:

Organizations should plan and implement enterprise security policies that require rigorous authentication methods for routing protocols. Configuring the proper interface(s) for ‘ip ospf message-digest-key md5’ enforces these policies by restricting exchanges between network devices.

Solution

Configure the appropriate interface(s) for Message Digest authentication

hostname(config)#interface {interface_name}
hostname(config-if)#ip ospf message-digest-key {ospf_md5_key-id} md5 {ospf_md5_key}

Default Value:

Not set

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/3156https://workbench.cisecurity.org/files/3156

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Cisco.

References

• 800-53|SC-8(1)
• CSCv6|11
• CSCv7|11

Source

• Tenable.com/audits