Ensure End of Life JUNOS Devices are not used
Details EoL JUNOS Devices should never be used in production networks Rationale: As with most vendors, Juniper Networks only support...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L1
CIS Juniper OS Benchmark V2.1.0 L1
Ensure external AAA is used
Details At least one external Authentication method should be specified. Rationale: RADIUS and TACACS+ are centralized Authentication, Authorization and Accounting...Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks)
Details The Routing Engine should not send ICMP Redirect Messages. Rationale: ICMP Redirect Messages provide a method for a router...Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks)
Details The Routing Engine should not send ICMP Redirect Messages. Rationale: ICMP Redirect Messages provide a method for a router...Ensure ICMP Router Discovery is disabled
Details ICMP Router Discovery should not be used. Rationale: ICMP Router Discovery provides details of routers attached to a broadcast...Ensure ICMP Source-Quench is Set to Disabled
Details ICMP Source Quench messages should be ignored. Rationale: ICMP Source Quench messages are intended to allow a host to...Ensure Ingress Filtering is set for EBGP peers
Details Filter prefixes advertised to the router through eBGP. Rationale: In addition to filtering Bogon and Maritan routes JUNOS routers...Ensure interface description is set
Details All interfaces should have a description. Rationale: JUNOS routers can be installed with tens or even hundreds of physical...Ensure interface restrictions are set for SNMP
Details SNMP should only be configured on required interfaces. Rationale: By default the SNMP service will listen for incoming connections...Ensure IS-IS Hello authentication check is not suppressed
Details IS-IS Neighbors should be authenticated. Rationale: Where it is deployed, IS-IS routing is vital for normal operation of an...