CISC-L2-000010 – The Cisco switch must be configured to disable non-essential capabilities.
Details: A compromised switch introduces risk to the entire network infrastructure as well as data resources that are accessible via...

CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – aaa authentication
Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...

CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – aaa group
Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...

CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – dot1x port-control auto
Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...

CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – interface dot1x
Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...

CISC-L2-000020 – The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection – radius server
Details: Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to...

CISC-L2-000030 – The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available.
Details: VLAN Trunk Protocol (VTP) provides central management of VLAN domains, thus reducing administration in a switched network. When configuring...

CISC-L2-000060 – The Cisco switch must be configured for authorized users to select a user session to capture.
Details: Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful events would...

CISC-L2-000070 – The Cisco switch must be configured for authorized users to remotely view, in real time, all content related to an established user session from a component separate from the Cisco switch.
Details: Without the capability to remotely view/hear all content related to a user session, investigations into suspicious user activity would...

CISC-L2-000080 – The Cisco switch must authenticate all endpoint devices before establishing any connection – aaa authentication
Details: Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. For distributed architectures (e.g., service-oriented...