Ensure Multi-Factor is used with External AAA
Details Multi-factor Authentication should be used for management sessions Rationale: Even with the password complexity restrictions and use of External...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L2
CIS Juniper OS Benchmark V2.1.0 L2
Ensure Multiple External NTP Servers are set
Details At least 3 External NTP Servers should be set Rationale: Keeping time settings consistent across a network is vital...Ensure NTP Boot-Server is set
Details An NTP Boot-Server should be configured for the router to update its time on boot. Rationale: When the router...Ensure Only Suite B Based Key Signing Algorithms are set for SSH – DSA keys
Details SSH should be configured with Suite B based key signing algorithms Rationale: SSH (Secure Shell) is the defacto standard...Ensure Only Suite B Based Key Signing Algorithms are set for SSH – ECDSA Key
Details SSH should be configured with Suite B based key signing algorithms Rationale: SSH (Secure Shell) is the defacto standard...Ensure Only Suite B Ciphers are set for SSH – ciphers restriction
Details SSH should be configured with Ciphers based on the Suite B Standard Rationale: SSH (Secure Shell) is the defacto...Ensure Only Suite B Ciphers are set for SSH – weak ciphers
Details SSH should be configured with Ciphers based on the Suite B Standard Rationale: SSH (Secure Shell) is the defacto...Ensure Only Suite B Key Exchange Methods are set for SSH – key-exchange restriction
Details SSH should be configured to use only Suite B key exchange algorithms. Rationale: SSH (Secure Shell) is the defacto...Ensure Only Suite B Key Exchange Methods are set for SSH – weak key-exchange
Details SSH should be configured to use only Suite B key exchange algorithms. Rationale: SSH (Secure Shell) is the defacto...Ensure OSPF authentication is set to IPSEC SA with SHA
Details OSPF Neighbors should be strongly authenticated. Rationale: Where it is deployed, OSPF routing is vital for normal operation of...