Dell OS10 Switch Router Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The Dell OS10 Router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments.
The Neighbor Discovery protocol allows a hop limit value to be advertised by routers in a Router Advertisement message being used by hosts instead of the standardized default value. If a very small...
Rule Low Severity
SRG-NET-000512-RTR-000013
Group
The Dell OS10 Router must not be configured to use IPv6 Site Local Unicast addresses.
As currently defined, site local addresses are ambiguous and can be present in multiple sites. The address itself does not contain any indication of the site to which it belongs. The use of site-lo...
Rule Medium Severity
SRG-NET-000512-RTR-000014
Group
SRG-NET-000131-RTR-000083
Group
The Dell OS10 Router must not be configured to have any feature enabled that calls home to the vendor.
Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission o...
Rule Medium Severity
The Dell OS10 BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).
Advertisement of routes by an autonomous system for networks that do not belong to any of its customers pulls traffic away from the authorized network. This causes a denial of service (DoS) on the ...
Rule Medium Severity
The Dell OS10 multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.
PIM is a routing protocol used to build multicast distribution trees for forwarding multicast traffic across the network infrastructure. PIM traffic must be limited to only known PIM neighbors by c...
Rule Medium Severity
The Dell OS10 Router must be configured to have all inactive interfaces disabled.
An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could ga...
Rule Low Severity
The perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.
ISPs use BGP to share route information with other autonomous systems (i.e., other ISPs and corporate networks). If the perimeter router was configured to BGP peer with an ISP, NIPRnet routes could...
Rule High Severity