Skip to content
Log In

Juniper Router NDM Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000001-NDM-000200

    Group
    Show

  • SRG-APP-000026-NDM-000208

    Group
    Show

  • The Juniper router must be configured to automatically audit account creation.

    Upon gaining access to a network device, an attacker will often first attempt to create a persistent method of reestablishing access. One way to accomplish this is to create a new account. Notifica...
    Rule Medium Severity
    Show

  • SRG-APP-000027-NDM-000209

    Group
    Show

  • SRG-APP-000028-NDM-000210

    Group
    Show

  • The Juniper router must be configured to automatically audit account disabling actions.

    Account management, as a whole, ensures access to the network device is being controlled in a secure manner by granting access to only authorized personnel. Auditing account disabling actions will ...
    Rule Medium Severity
    Show

  • SRG-APP-000029-NDM-000211

    Group
    Show

  • The Juniper router must be configured to automatically audit account removal actions.

    Account management, as a whole, ensures access to the network device is being controlled in a secure manner by granting access to only authorized personnel. Auditing account removal actions will su...
    Rule Medium Severity
    Show

  • SRG-APP-000038-NDM-000213

    Group
    Show

  • SRG-APP-000065-NDM-000214

    Group
    Show

  • The Juniper router must be configured to enforce the limit of three consecutive invalid logon attempts after which time lock out the user account from accessing the device for 15 minutes.

    By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced.
    Rule Medium Severity
    Show

  • SRG-APP-000068-NDM-000215

    Group
    Show

  • SRG-APP-000080-NDM-000220

    Group
    Show

  • SRG-APP-000091-NDM-000223

    Group
    Show

  • The Juniper router must be configured to generate audit records when successful/unsuccessful attempts to logon with access privileges occur.

    Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an in...
    Rule Medium Severity
    Show

  • SRG-APP-000101-NDM-000231

    Group
    Show

  • The Juniper router must be configured to generate audit records containing the full-text recording of privileged commands.

    Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. Organizations consider limiting the additional audit information to only ...
    Rule Medium Severity
    Show

  • SRG-APP-000119-NDM-000236

    Group
    Show

  • SRG-APP-000120-NDM-000237

    Group
    Show

  • The Juniper router must be configured to protect audit information from unauthorized deletion.

    Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. If audit data were to become compromis...
    Rule Medium Severity
    Show

  • SRG-APP-000133-NDM-000244

    Group
    Show

  • The Juniper router must be configured to limit privileges to change the software resident within software libraries.

    Changes to any software components of the network device can have significant effects on the overall security of the network. Therefore, only qualified and authorized individuals should be allowed ...
    Rule Medium Severity
    Show

  • SRG-APP-000142-NDM-000245

    Group
    Show

  • SRG-APP-000148-NDM-000346

    Group
    Show

  • SRG-APP-000156-NDM-000250

    Group
    Show

  • The Juniper router must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.

    A replay attack may enable an unauthorized user to gain access to the application. Authentication sessions between the authenticator and the application validating the user credentials must not be ...
    Rule Medium Severity
    Show

  • SRG-APP-000164-NDM-000252

    Group
    Show

  • SRG-APP-000166-NDM-000254

    Group
    Show

  • SRG-APP-000167-NDM-000255

    Group
    Show

  • SRG-APP-000168-NDM-000256

    Group
    Show

  • The Juniper router must be configured to enforce password complexity by requiring that at least one numeric character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
    Show

  • SRG-APP-000169-NDM-000257

    Group
    Show

  • SRG-APP-000190-NDM-000267

    Group
    Show

  • The Juniper router must be configured to terminate all network connections associated with device management after five minutes of inactivity.

    Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port th...
    Rule High Severity
    Show

  • SRG-APP-000319-NDM-000283

    Group
    Show

  • SRG-APP-000343-NDM-000289

    Group
    Show

  • The Juniper router must be configured to audit the execution of privileged functions.

    Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and...
    Rule Medium Severity
    Show

  • SRG-APP-000357-NDM-000293

    Group
    Show

  • SRG-APP-000360-NDM-000295

    Group
    Show

  • SRG-APP-000373-NDM-000298

    Group
    Show

  • SRG-APP-000374-NDM-000299

    Group
    Show

  • The Juniper router must be configured to record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).

    If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by the application include date and time. Tim...
    Rule Medium Severity
    Show

  • SRG-APP-000378-NDM-000302

    Group
    Show

  • The Juniper router must be configured to prohibit installation of software without explicit privileged status.

    Allowing anyone to install software, without explicit privileges, creates the risk that untested or potentially malicious software will be installed on the system. This requirement applies to code ...
    Rule Medium Severity
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • SRG-APP-000395-NDM-000310

    Group
    Show

  • SRG-APP-000395-NDM-000347

    Group
    Show

  • The Juniper router must be configured to authenticate NTP sources using authentication that is cryptographically based.

    If Network Time Protocol is not authenticated, an attacker can introduce a rogue NTP server. This rogue server can then be used to send incorrect time information to network devices, which will mak...
    Rule Medium Severity
    Show

  • SRG-APP-000411-NDM-000330

    Group
    Show

  • SRG-APP-000412-NDM-000331

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules