NET0230 – Network devices must be password protected – root password set
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...
- Home
- Security Hardening
- DISA STIG Juniper Infrastructure Router V8R29
DISA STIG Juniper Infrastructure Router V8R29
NET0230 – Network devices must be password protected – ssh no-password
Details Network access control mechanisms interoperate to prevent unauthorized access and to enforce the organization’s security policy. Access to the...NET0240 – Network devices must not have any default manufacturer passwords.
Details Network devices not protected with strong password schemes provide the opportunity for anyone to crack the password thus gaining...NET0340 – Network devices must display the DoD-approved logon banner warning.
Details All network devices must present a DoD-approved warning banner prior to a system administrator logging on. The banner should...NET0400 – The network element must authenticate all IGP peers – IS-IS authentication-key
Details A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to...NET0400 – The network element must authenticate all IGP peers – IS-IS authentication-type
Details A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to...NET0400 – The network element must authenticate all IGP peers – OSPF
Details A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to...NET0400 – The network element must authenticate all IGP peers – RIP authentication-key
Details A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to...NET0400 – The network element must authenticate all IGP peers – RIP authentication-type
Details A rogue router could send a fictitious routing update to convince a site’s premise router to send traffic to...NET-IPV6-025 – The network device must be configured to ensure IPv6 Site Local Unicast addresses are not defined in the enclave, (FEC0::/10)
Details As currently defined, site local addresses are ambiguous and can be present in multiple sites. The address itself does...