Ensure peer authentication is set to MD5
Details BGP Peers should be authenticated. Rationale: Where it is deployed, BGP routing is vital for normal operation of an...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L1
CIS Juniper OS Benchmark V2.1.0 L1
Ensure ‘Protect RE’ Firewall Filter is set for inbound traffic to the Routing Engine
Details Traffic to the Routing Engine should be filtered. Rationale: JUNOS Devices can provide a wide range of services to...Ensure PSNP authentication check is not set to suppressed
Details IS-IS Neighbors should be authenticated. Rationale: Where it is deployed, IS-IS routing is vital for normal operation of an...Ensure Retired JUNOS Devices are Disposed of Securely
Details JUNOS Devices must be disposed of securely Rationale: As with all systems, there will come a point where a...Ensure RIP authentication is set to MD5
Details RIP Neighbors should be authenticated. Rationale: Where it is deployed, RIP routing is vital for normal operation of an...Ensure RIP is set to check for zero values in reserved fields
Details The router should check that fields that the RFC requires must be 0 are, in fact, 0. Rationale: Where...Ensure SNMPv1/2 are set to Read Only
Details Do not allow Read-Write SNMP access for versions below SNMPv3. Rationale: SNMP can be used to read and write...Ensure TCP RST is Set to Disabled
Details Connection attempts to a closed / non-listening port should not return a TCP RST Rationale: As with most Operating...Ensure TCP SYN/FIN is Set to Drop
Details TCP Segments which have both the SYN and FIN flags set should be dropped. Rationale: TCP packets that have...Ensure unused interfaces are set to disable
Details Unused interfaces should be explicitly disabled. Rationale: JUNOS routers can be installed with tens or even hundreds of physical...