NET0230 – Network devices must be password protected. – ‘ASDM authentication’
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...
- Home
- Security Hardening
- DISA STIG Cisco Firewall V8R25
DISA STIG Cisco Firewall V8R25
NET0230 – Network devices must be password protected. – ‘enable authentication’
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...NET0230 – Network devices must be password protected. – ‘no telnet authentication’
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...NET0230 – Network devices must be password protected. – ‘serial authentication’
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...NET0230 – Network devices must be password protected. – ‘ssh authentication’
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...NET0240 – Network devices must not have any default manufacturer passwords.
Details Network devices not protected with strong password schemes provide the opportunity for anyone to crack the password thus gaining...NET0340 – Network devices must display the DoD-approved logon banner warning.
Details All network devices must present a DoD-approved warning banner prior to a system administrator logging on. The banner should...NET0366 – The SA must configure the firewall for the minimum content and protocol inspection requirements.
Details Creating a filter to allow a port or service through the firewall without content or protocol inspection creates a...NET0375 – The device must be configured to protect the network against denial of service attacks such as Ping of Death, TCP SYN floods, etc.
Details A SYN-flood attack is a denial-of-service attack where the attacker sends a huge amount of please-start-a-connection packets and then...NET0377 – The firewall must not utilize any services or capabilities that are not necessary for the administration of the firewall.
Details The risk of an attack increases with more services enabled on the firewall, since the firewall will listen for...