Cisco IOS Router RTR Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3–255.
The routing header can be used maliciously to send a packet through a path where less robust security is in place, rather than through the presumably preferred path of routing protocols. Use of the...Rule Medium Severity -
SRG-NET-000018-RTR-000001
Group -
SRG-NET-000168-RTR-000078
Group -
SRG-NET-000019-RTR-000007
Group -
The Cisco router must be configured to have all inactive interfaces disabled.
An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could ga...Rule Low Severity -
SRG-NET-000362-RTR-000109
Group -
SRG-NET-000362-RTR-000110
Group -
The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.
The Route Processor (RP) is critical to all network operations because it is the component used to build all forwarding paths for the data plane via control plane processes. It is also instrumental...Rule High Severity -
SRG-NET-000362-RTR-000111
Group -
The Cisco router must be configured to have Gratuitous ARP disabled on all external interfaces.
A gratuitous ARP is an ARP broadcast in which the source and destination MAC addresses are the same. It is used to inform the network about a host IP address. A spoofed gratuitous ARP message can c...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.