Ensure backup data is stored and transferred securely
Details Backups of router configuration should be secured. Rationale: If an attacker has access to your router configuration files they...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L1
CIS Juniper OS Benchmark V2.1.0 L1
Ensure Caller ID is set
Details Caller restrictions MUST be used when Incoming calls are permitted. Rationale: Some JUNOS routers support the use of a...Ensure Common SNMP Community Strings are NOT used
Details Do not use common / default community strings. Rationale: SNMP can be used to read, and sometime write, sensitive...Ensure configuration is backed up on a regular schedule
Details Regular backups should be made of the router. Rationale: Backups of a routers configuration may be necessary when recovering...Ensure CSNP authentication check is not set to suppressed
Details IS-IS Neighbors should be authenticated. Rationale: Where it is deployed, IS-IS routing is vital for normal operation of an...Ensure ‘Default Restrict’ is set in all client lists
Details Limit clients to access SNMP. Rationale: Even when limited to read only access, SNMP can provide an attacker with...Ensure device is physically secured
Details Network Devices should be physically secured. Rationale: As with most information assets, it is vital that an attacker is...Ensure Device is running Current Junos Software
Details All JUNOS Devices should run the current Recommended Release of JUNOS. Rationale: As with any software, the JUNOS Operating...Ensure Diagnostic Port Authentication uses a complex password
Details A complex password should be used to protect access to Diagnostic Port/s Rationale: Due to the sensitivity of the...Ensure EBGP peers are set to use GTSM
Details GTSM should be used with all EBGP peers. Rationale: Where it is deployed, External BGP routing is vital for...