Skip to content

Arista MLS EOS 4.2x Router Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000512-RTR-000013

    <GroupDescription></GroupDescription>
    Group
  • The Arista router must not be configured to use IPv6 Site Local Unicast addresses.

    &lt;VulnDiscussion&gt;As currently defined, site local addresses are ambiguous and can be present in multiple sites. The address itself does not co...
    Rule Medium Severity
  • SRG-NET-000512-RTR-000014

    <GroupDescription></GroupDescription>
    Group
  • The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces.

    &lt;VulnDiscussion&gt;Many of the known attacks in stateless autoconfiguration are defined in RFC 3756 were present in IPv4 ARP attacks. To mitigat...
    Rule Medium Severity
  • SRG-NET-000205-RTR-000015

    <GroupDescription></GroupDescription>
    Group
  • The perimeter router must be configured to block all packets with any IP options.

    &lt;VulnDiscussion&gt;Packets with IP options are not fast routered and henceforth must be punted to the router processor. Hackers who initiate den...
    Rule Medium Severity
  • SRG-NET-000205-RTR-000016

    <GroupDescription></GroupDescription>
    Group
  • The PE router must be configured to ignore or block all packets with any IP options.

    &lt;VulnDiscussion&gt;Packets with IP options are not fast routered and therefore must be punted to the router processor. Hackers who initiate deni...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules