CISC-RT-000160 – The Cisco switch must be configured to have IP directed broadcast disabled on all interfaces.
Details: An IP directed broadcast is a datagram sent to the broadcast address of a subnet that is not directly...

CISC-RT-000170 – The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces – DODIN Backbone
Details: The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages...

CISC-RT-000170 – The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces – ip unreachables
Details: The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages...

CISC-RT-000180 – The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces.
Details: The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages...

CISC-RT-000190 – The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces.
Details: The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Switches automatically send ICMP messages...

CISC-RT-000200 – The Cisco switch must be configured to log all packets that have been dropped at interfaces via an access control list (ACL).
Details: Auditing and logging are key components of any security architecture. It is essential for security personnel to know what...

CISC-RT-000210 – The Cisco switch must be configured to produce audit records containing information to establish where the events occurred.
Details: Without establishing where events occurred, it is impossible to establish, correlate, and investigate the events leading up to an...

CISC-RT-000220 – The Cisco switch must be configured to produce audit records containing information to establish the source of the events.
Details: Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up...

CISC-RT-000230 – The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.
Details: The use of POTS lines to modems connecting to network devices provides clear text of authentication traffic over commercial...

CISC-RT-000236 – The Cisco switch must be configured to advertise a hop limit of at least 32 in Switch Advertisement messages for IPv6 stateless auto-configuration deployments.
Details: The Neighbor Discovery protocol allows a hop limit value to be advertised by routers in a Router Advertisement message...