HPE Aruba Networking AOS VPN Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
The Remote Access VPN Gateway must use a separate authentication server (e.g., Lightweight Directory Access Protocol [LDAP], Remote Authentication Dial-In User Service [RADIUS], Terminal Access Controller Access-Control System+ [TACACS+]) to perform user authentication.
The VPN interacts directly with public networks and devices and should not contain user authentication information for all users. Authentication, Authorization, and Accounting (AAA) network securit...
Rule, Medium Severity
SRG-NET-000138-VPN-000490
Group
SRG-NET-000213-VPN-000721
Group
SRG-NET-000337-VPN-001300
Group
SRG-NET-000132-VPN-000470
Group
The Remote Access VPN Gateway must be configured to prohibit Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding (L2F).
PPTP and L2F are obsolete methods for implementing virtual private networks. Both protocols may be easy to use and readily available, but they have many well-known security issues and exploits. Enc...
Rule, Medium Severity
SRG-NET-000205-VPN-000710
Group
SRG-NET-000369-VPN-001620
Group
AOS, when used as a VPN Gateway, must disable split-tunneling for remote client VPNs.
Split tunneling would in effect allow unauthorized external connections, making the system more vulnerable to attack and to exfiltration of organizational information. A VPN hardware or software c...
Rule, Medium Severity
SRG-NET-000512-VPN-002220
Group