Ensure SNMP is set to OOB management only
Details SNMP should only be configured on Out of Band management interfaces. Rationale: By default the SNMP service will listen...
- Home
- Security Hardening
- CIS Juniper OS Benchmark V2.1.0 L2
CIS Juniper OS Benchmark V2.1.0 L2
Ensure SNMP Write Access is not set
Details Do not allow Read-Write SNMP access. Rationale: SNMP can be used to read and write configuration information from a...Ensure SSH Key Authentication is Disabled
Details SSH Key based Authentication should be disabled (if not used for automation) Rationale: Due to the sensitive nature of...Ensure Strong Authentication Methods are used for NTP Authentication
Details Strong authentication methods should be set for NTP Servers Rationale: Having established the need for NTP, it is essential...Ensure VRRP authentication-key is set
Details VRRP authentication should be used where other security mechanisms are not in place. Rationale: VRRP provides resilience for a...Ensure Web-Management Interface Restriction is set to OOB Management
Details JWeb access should be restricted to trusted networks Rationale: By default, when configured, the JWeb service will listen for...Ensure Web-Management is Set to use PKI Certificate for HTTPS
Details JWeb should only be accessed using HTTPS with a PKI Certificate Rationale: JWeb can be configured to provide a...Ensure XNM-SSL Connection Limit is Set
Details If the XNM-SSL service is configured, connection limits should be set. Rationale: JUNOScript can be configured to use SSL...Forbid Dial in Access
Details Dial in access should not be used on sensitive routers. Rationale: Some JUNOS routers support the use of a...Recommend Accounting of Interactive Commands (where External AAA is used)
Details Where External AAA is used, Interactive Command Accounting Events should be sent to either TACACS+ or RADIUS. Rationale: To...