Ensure peer authentication is set to IPSEC SA
Details BGP Neighbors should be strongly authenticated. Rationale: Where it is deployed, BGP routing is vital for normal operation of...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L2
CIS Juniper OS Benchmark V2.1.0 L2
Ensure ‘Protect RE’ Firewall Filter includes explicit terms for all Management Services
Details The Firewall Filter used to protect the Junos Device should include explicit terms for all Management, Automation and Monitoring...Ensure ‘Protect RE’ Firewall Filter includes explicit terms for all Protocols
Details Routing and Switching Protocol traffic should be filtered Rationale: Junos devices support a vast range of Routing Protocols to...Ensure ‘Protect RE’ Firewall filter includes Rate-Limiting for Management Services terms
Details Policers should be applied to Management Services Rationale: Junos supports a wide range of Management, Monitoring and Automation Services,...Ensure proxy-arp is disabled
Details Do not use Proxy ARP. Rationale: Address Resolution Protocol (ARP) provides resolution between IP and MAC Addresses (or other...Ensure Remote Login Class for Authorization through External AAA – login class
Details External AAA servers should be utilized to provide Authorization via a single ‘Remote’ template account. Rationale: JUNOS routers ship...Ensure Remote Login Class for Authorization through External AAA – remote class
Details External AAA servers should be utilized to provide Authorization via a single ‘Remote’ template account. Rationale: JUNOS routers ship...Ensure RPKI is set for Origin Validation of EBGP peers
Details Use RPKI for Origin Validation on Public BGP Peering Rationale: In addition to filtering Bogon and Maritan routes JUNOS...Ensure Secure Neighbor Discovery is configured
Details NDP should be protected. Rationale: One of the primary functions of NDP is to resolve Network Layer (IP) addresses...Ensure SHA1 is set for SNMPv3 authentication
Details Do not allow unauthenticated SNMPv3 access. Rationale: SNMPv3 provides much improved security over previous versions by offering options for...