Skip to content

Juniper EX Series Switches Router Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Juniper router must be configured to restrict traffic destined to itself.

    <VulnDiscussion>The routing engine (RE) handles traffic destined to the router—the key component used to build forwarding paths and is also i...
    Rule High Severity
  • SRG-NET-000205-RTR-000002

    <GroupDescription></GroupDescription>
    Group
  • The Juniper router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.

    &lt;VulnDiscussion&gt;Fragmented ICMP packets can be generated by hackers for denial-of-service (DoS) attacks such as Ping O' Death and Teardrop. I...
    Rule Medium Severity
  • SRG-NET-000205-RTR-000003

    <GroupDescription></GroupDescription>
    Group
  • The Juniper perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.

    &lt;VulnDiscussion&gt;Vulnerability assessments must be reviewed by the System Administrator, and protocols must be approved by the Information Ass...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules