Dell OS10 Switch Layer 2 Switch Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000148-L2S-000015
Group -
The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection.
Controlling LAN access via 802.1x authentication can assist in preventing a malicious user from connecting an unauthorized PC to a switch port to inject or receive data from the network without det...Rule High Severity -
SRG-NET-000193-L2S-000020
Group -
SRG-NET-000362-L2S-000021
Group -
The Dell OS10 Switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.
Spanning Tree Protocol (STP) does not provide any means for the network administrator to securely enforce the topology of the switched network. Any switch can be the root bridge in a network. Howev...Rule Low Severity -
SRG-NET-000362-L2S-000022
Group -
The Dell OS10 Switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports.
If a rogue switch is introduced into the topology and transmits a Bridge Protocol Data Unit (BPDU) with a lower bridge priority than the existing root bridge, it will become the new root bridge and...Rule Medium Severity -
SRG-NET-000362-L2S-000023
Group -
SRG-NET-000362-L2S-000024
Group -
The Dell OS10 Switch must have Unknown Unicast Flood Blocking (UUFB) enabled.
Access layer switches use the Content Addressable Memory (CAM) table to direct traffic to specific ports based on the VLAN number and the destination MAC address of the frame. When a router has an ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.