NET-IPV6-016 – ICMPv6 unreachable notifications and redirects must be disabled – ‘no ipv6 redirects’
Details The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing...
- Home
- Security Hardening
- DISA STIG Cisco Perimeter Router V8R32
DISA STIG Cisco Perimeter Router V8R32
NET-IPV6-011 – Outbound ICMPv6 traffic is not blocked – ‘deny ipv6 any any log-input’
Details The network element can permit outbound ICMPv6 messages Packet-too-big (type 2), Echo Request (type 128), and Neighborhood Discovery (type...NET-IPV6-016 – ICMPv6 unreachable notifications and redirects must be disabled – ‘no ipv6 unreachables’
Details The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing...NET-IPV6-016 – ICMPv6 unreachable notifications and redirects must be disabled – ‘Null0 – no ipv6 unreachables’
Details The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing...NET-IPV6-017 – IPv6 Routing Header is not blocked – ‘deny routing log’
Details The network element must be configured to ensure the routing header extension type 0, 1, and 3-255 are rejected...NET-IPV6-017 – IPv6 Routing Header is not blocked – ‘permit type 2’
Details The network element must be configured to ensure the routing header extension type 0, 1, and 3-255 are rejected...NET-IPV6-024 – IPv6 6-to-4 addresses are not filtered – ‘deny ipv6 2002::/16 any log’
Details The IAO/NSO will ensure IPv6 6-to-4 addresses with a prefix of 2002–/16 are dropped at the enclave perimeter by...NET-IPV6-024 – IPv6 6-to-4 addresses are not filtered – ‘deny ipv6 any 2002::/16 log’
Details The IAO/NSO will ensure IPv6 6-to-4 addresses with a prefix of 2002–/16 are dropped at the enclave perimeter by...NET-IPV6-024 – IPv6 6-to-4 addresses are not filtered – ‘Egress deny ipv6 2002::/16 any log’
Details The IAO/NSO will ensure IPv6 6-to-4 addresses with a prefix of 2002–/16 are dropped at the enclave perimeter by...NET-IPV6-024 – IPv6 6-to-4 addresses are not filtered – ‘Egress deny ipv6 any 2002::/16 log’
Details The IAO/NSO will ensure IPv6 6-to-4 addresses with a prefix of 2002–/16 are dropped at the enclave perimeter by...