Ensure firewall filters contain explicit deny and log term
Details Flood Attack protection should be included in the ‘Protect RE’ Filter Rationale: As with any computer system connected to...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L2
CIS Juniper OS Benchmark V2.1.0 L2
Ensure firewall filters contain explicit deny and log term
Details Filters should include a final Deny and Log term. Rationale: Firewall filters are built up of one or more...Ensure ICMPv4 rate-limit is Set
Details ICMPv4 traffic should be rate limited to protect the devices resources. Rationale: Many Denial of Service attacks against network...Ensure ICMPv6 rate-limit is Set
Details ICMPv6 traffic should be rate limited to protect the devices resources. Rationale: Many Denial of Service attacks against network...Ensure inbound firewall filter is set for Loopback interface
Details A Firewall Filter should be applied to lo0. Rationale: JUNOS routers can provide a wide range of services to...Ensure internal sources are blocked on external networks
Details Deny traffic with an internal source or reserved IP address from external source. Rationale: An attacker may attempt to...Ensure IS-IS neighbor authentication is set to SHA1
Details IS-IS Neighbors should be authenticated with stronger SHA1 HMAC mechanism, where supported. Rationale: Where it is deployed, IS-IS routing...Ensure LLDP is Disabled if not Required
Details LLDP should be disabled when not required Rationale: The Link Layer Discovery Protocol (LLDP) is a vendor-neutral and widely...Ensure LLDP-MED is Disabled if not Required
Details LLDP-MED should be disabled when not required Rationale: The Link Layer Discovery Protocol (LLDP) is a vendor-neutral and widely...Ensure Loopback interface address is set
Details Configure a Loopback address. Rationale: When a router needs to initiate connections to remote hosts, for example for SYSLOG...