Router Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.
<VulnDiscussion>If the same keys are used between eBGP neighbors, the chance of a hacker compromising any of the BGP sessions increases. It i...Rule Medium Severity -
SRG-NET-000230
<GroupDescription></GroupDescription>Group -
The MPLS router must be configured to have TTL Propagation disabled.
<VulnDiscussion>The head end of the label-switched path (LSP), the label edge router (LER) will decrement the IP packet's time-to-live (TTL) ...Rule Medium Severity -
SRG-NET-000512
<GroupDescription></GroupDescription>Group -
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
<VulnDiscussion>The primary security model for an MPLS L3VPN infrastructure is traffic separation. The service provider must guarantee the cu...Rule High Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules