CISC-RT-000040 – The Cisco router must be configured to use encryption for routing protocol authentication – OSPF Details A rogue router could send a fictitious routing update to convince a site’s perimeter router to send traffic to...
CISC-RT-000040 – The Cisco router must be configured to use encryption for routing protocol authentication – RIP Details A rogue router could send a fictitious routing update to convince a site’s perimeter router to send traffic to...
CISC-RT-000050 – The Cisco router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. Details A rogue router could send a fictitious routing update to convince a site’s perimeter router to send traffic to...
CISC-RT-000080 – The Cisco router must not be configured to have any feature enabled that calls home to the vendor. Details Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or...
CISC-RT-000060 – The Cisco router must be configured to have all inactive interfaces disabled. Details An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that...
CISC-RT-000070 – The Cisco router must be configured to have all non-essential capabilities disabled. Details A compromised router introduces risk to the entire network infrastructure, as well as data resources that are accessible via...
CISC-RT-000090 – The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. Details Network devices that are configured via a zero-touch deployment or auto-loading feature can have their startup configuration or image...
CISC-RT-000120 – The Cisco router must be configured to protect against or limit the effects of denial of service (DoS) attacks by employing control plane protection – DoS attacks by employing control plane protection. Details The Route Processor (RP) is critical to all network operations because it is the component used to build all...
CISC-RT-000130 – The Cisco router must be configured to restrict traffic destined to itself. Details The route processor handles traffic destined to the router - the key component used to build forwarding paths and is instrumental...
CISC-RT-000140 – The Cisco router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself – external Details Fragmented ICMP packets can be generated by hackers for DoS attacks such as Ping O’ Death and Teardrop. It...