SEL-2740S L2S Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
The SEL-2740S must be configured to mitigate the risk of ARP cache poisoning attacks.
<VulnDiscussion>The SEL-2740S must deter ARP cache poisoning attacks and configure the specific ARP flows that are only necessary to the cont...Rule Medium Severity -
SRG-NET-000512-L2S-000029
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to capture all packets without flow rule match criteria.
<VulnDiscussion>The OTSDN switch must be capable of capturing frames that are not engineered to be in the network and send them to a Security...Rule Medium Severity -
SRG-NET-000512-L2S-000030
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to permit the allowed and necessary ports, functions, protocols, and services.
<VulnDiscussion>A compromised switch introduces risk to the entire network infrastructure as well as data resources that are accessible via t...Rule Medium Severity -
SRG-NET-000193-L2S-000020
<GroupDescription></GroupDescription>Group -
SRG-NET-000362-L2S-000027
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured with backup flows for all host and switch flows to ensure proper failover scheme is in place for the network.
<VulnDiscussion>The SEL-2740S must be capable of multiple fast failover, backup and in cases isolation of the traffic from a detected threat ...Rule Medium Severity -
SRG-NET-000512-L2S-000031
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to forward only frames from allowed network-connected endpoint devices.
<VulnDiscussion>By only allowing frames to be forwarded from known end-points mitigates risks associated with broadcast, unknown unicast, and...Rule Medium Severity -
SRG-NET-000131-L2S-000014
<GroupDescription></GroupDescription>Group -
SRG-NET-000512-L2S-000028
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured with ARP flow rules that are statically created with valid IP-to-MAC address bindings.
<VulnDiscussion>DAI intercepts Address Resolution Protocol (ARP) requests and verifies that each of these packets has a valid IP-to-MAC addre...Rule Medium Severity -
SRG-NET-000343-L2S-000016
<GroupDescription></GroupDescription>Group -
The SEL-2740S -must be configured to limit excess bandwidth and denial of service (DoS) attacks.
<VulnDiscussion>Denial of service is a condition when a resource is not available for legitimate users. Packet flooding DDoS attacks are refe...Rule Medium Severity -
SRG-NET-000331-L2S-000001
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to packet capture flows.
<VulnDiscussion>Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful eve...Rule Medium Severity -
SRG-NET-000332-L2S-000002
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to capture flows for real-time visualization tools.
<VulnDiscussion>Without the capability to remotely view/hear all content related to a user session, investigations into suspicious user activ...Rule Medium Severity -
SRG-NET-000362-L2S-000024
<GroupDescription></GroupDescription>Group -
The SEL-2740S must be configured to prevent packet flooding and bandwidth saturation.
<VulnDiscussion>Access layer switches use the Content Addressable Memory (CAM) table to direct traffic to specific ports based on the VLAN nu...Rule Medium Severity -
SRG-NET-000362-L2S-000026
<GroupDescription></GroupDescription>Group -
SEL-2740S flow rules must include the host IP addresses that are bound to designated SEL-2740S ports for ensuring trusted host access.
<VulnDiscussion>IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legit...Rule Medium Severity -
The SEL-2740S must authenticate all network-connected endpoint devices before establishing any connection.
<VulnDiscussion>Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity. ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.