Ensure access profile is set to use CHAP
Details CHAP Authentication MUST be used when Incoming calls are permitted. Rationale: Some JUNOS routers support the use of a...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L1
CIS Juniper OS Benchmark V2.1.0 L1
Ensure Accounting Destination is configured
Details Where external Authentication, Authorization and Accounting services using either RADIUS or TACACS+ are used, accounting data should be sent...Ensure Accounting of Configuration Changes
Details When External AAA is used Configuration Change events should be sent to configured accounting destinations. Rationale: To protect any...Ensure Accounting of Logins
Details When External AAA is used, Login Events should be sent to configured accounting destinations. Rationale: To protect any asset,...Ensure a client list is set for SNMPv1/v2 communities
Details Limit clients to access SNMP. Rationale: Even when limited to read only access, SNMP can provide an attacker with...Ensure authentication check is not suppressed
Details IS-IS Neighbors should be authenticated. Rationale: Where it is deployed, IS-IS routing is vital for normal operation of an...Ensure Authentication is configured for Diagnostic Ports
Details An encrypted password should be set for access to the routers diagnostic ports. Rationale: Most high end Juniper network...Ensure authentication is set to MD5
Details RSVP Peers should be authenticated. Rationale: RSVP messages may be abused by an attacker to interfere with QoS and...Ensure authentication is set to MD5
Details LDP peers should be authenticated. Rationale: Where it is deployed, LDP is vital for normal operation of an MPLS...Ensure authentication is set to MD5
Details MSDP Peers should be authenticated. Rationale: When deployed MSDP it provides PIM-SM with information for routing Multicast traffic and...