Skip to content
Log In

Cisco IOS XE Switch RTR Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000362-RTR-000123

    Group
    Show

  • SRG-NET-000364-RTR-000116

    Group
    Show

  • SRG-NET-000343-RTR-000002

    Group
    Show

  • The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to authenticate all received MSDP packets.

    MSDP peering with customer network switches presents additional risks to the core, whether from a rogue or misconfigured MSDP-enabled switch. MSDP password authentication is used to validate each s...
    Rule Medium Severity
    Show

  • SRG-NET-000018-RTR-000007

    Group
    Show

  • SRG-NET-000018-RTR-000009

    Group
    Show

  • The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to limit the amount of source-active messages it accepts on a per-peer basis.

    To reduce any risk of a denial-of-service (DoS) attack from a rogue or misconfigured MSDP switch, the switch must be configured to limit the number of source-active messages it accepts from each peer.
    Rule Low Severity
    Show

  • SRG-NET-000512-RTR-000011

    Group
    Show

  • SRG-NET-000512-RTR-000100

    Group
    Show

  • SRG-NET-000512-RTR-000012

    Group
    Show

  • SRG-NET-000512-RTR-000013

    Group
    Show

  • SRG-NET-000512-RTR-000014

    Group
    Show

  • SRG-NET-000364-RTR-000200

    Group
    Show

  • SRG-NET-000364-RTR-000201

    Group
    Show

  • SRG-NET-000364-RTR-000202

    Group
    Show

  • The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values.

    These options are intended to be for the Destination Options header only. The optional and extensible natures of the IPv6 extension headers require higher scrutiny since many implementations do not...
    Rule Medium Severity
    Show

  • SRG-NET-000364-RTR-000203

    Group
    Show

  • SRG-NET-000364-RTR-000204

    Group
    Show

  • The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option.

    The optional and extensible natures of the IPv6 extension headers require higher scrutiny since many implementations do not always drop packets with headers that it cannot recognize, and hence coul...
    Rule Medium Severity
    Show

  • SRG-NET-000364-RTR-000205

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules