CISC-L2-000010 – The Cisco switch must be configured to disable non-essential capabilities – no ip boot server Details: A compromised switch introduces risk to the entire network infrastructure as well as data resources that are accessible via...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – aaa authentication Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – aaa group Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – aaa new-model Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – dot1x system-auth-control Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – interface dot1x Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – radius server Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...
CISC-L2-000030 – The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. Details: VTP provides central management of VLAN domains, thus reducing administration in a switched network. When configuring a new VLAN...
CISC-L2-000040 – The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks. Details: Denial of service is a condition when a resource is not available for legitimate users. Packet-flooding DDoS attacks are...
CISC-L2-000060 – The Cisco switch must be configured for authorized users to select a user session to capture. Details: Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful events would...