Cisco IOS XE Router RTR Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000205-RTR-000008
<GroupDescription></GroupDescription>Group -
The Cisco PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces.
<VulnDiscussion>The uRPF feature is a defense against spoofing and denial of service (DoS) attacks by verifying if the source address of any ...Rule Medium Severity -
SRG-NET-000193-RTR-000113
<GroupDescription></GroupDescription>Group -
The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.
<VulnDiscussion>Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availabi...Rule Low Severity -
SRG-NET-000193-RTR-000114
<GroupDescription></GroupDescription>Group -
The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.
<VulnDiscussion>Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availabi...Rule Low Severity -
SRG-NET-000193-RTR-000112
<GroupDescription></GroupDescription>Group -
The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries.
<VulnDiscussion>MSDP peering between networks enables sharing of multicast source information. Enclaves with an existing multicast topology u...Rule Low Severity -
SRG-NET-000019-RTR-000013
<GroupDescription></GroupDescription>Group -
The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial of service (DoS) attacks.
<VulnDiscussion>DoS is a condition when a resource is not available for legitimate users. Packet flooding distributed denial of service (DDoS...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.