Ensure AES128 is set for all SNMPv3 users
Details Do not allow plaintext SNMPv3 access. Rationale: SNMPv3 provides much improved security over previous versions by offering options for...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L2
CIS Juniper OS Benchmark V2.1.0 L2
Ensure Archive on Commit
Details The routers configuration should be archived whenever changes are committed. Rationale: Before changes made to a JUNOS router are...Ensure at least one SCP Archive Site is configured
Details Configuration archival should use only secure transport over SCP. Rationale: Archiving the configuration to an external server creates a...Ensure authentication is set to AES-CMAC
Details LDP peers should be strongly authenticated. Rationale: Where it is deployed, LDP is vital for normal operation of an...Ensure Authentication Keys are used for all NTP Servers
Details Authentication keys should be set for NTP Servers Rationale: Having established the need for NTP, it is essential to...Ensure authentication-type is set to MD5
Details Any VRRP authentication should use MD5 HMAC Rationale: VRRP provides resilience for a routers interfaces, allowing another router to...Ensure BFD Authentication is Not Set to Loose-Check
Details BFD Peers should be authenticated. Rationale: Bidirectional Forwarding Detection (BFD) is a Forwarding Plane feature which allows more rapid...Ensure BFD Authentication is Set
Details BFD Peers should be authenticated. Rationale: Bidirectional Forwarding Detection (BFD) is a Forwarding Plane feature which allows more rapid...Ensure Bogon Filtering is set (where EBGP is used)
Details Bogon prefixes should be filtered when using eBGP. Rationale: Bogon Networks are those IP Address blocks which should never...Ensure Different Authentication Keys for each NTP Server
Details Different authentication keys should be set for each NTP Server Rationale: Having established the need for NTP, it is...