
Juniper EX Series Switches Router Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Juniper router must be configured in accordance with the security configuration settings based on DoD security configuration or implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs.

    Configuring the network device to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security base...
    Rule Medium Severity
  • SRG-NET-000205-RTR-000006

    Group
  • SRG-NET-000364-RTR-000203

    Group
  • SRG-NET-000512-RTR-000007

    Group
  • The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core.

    Outbound route advertisements belonging to the core can result in traffic either looping or being black holed, or at a minimum, using a nonoptimized path.
    Rule Medium Severity
  • SRG-NET-000205-RTR-000007

    Group
  • The Juniper router must not be configured to have any feature enabled that calls home to the vendor.

    Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission o...
    Rule Medium Severity
  • SRG-NET-000168-RTR-000077

    Group
  • SRG-NET-000018-RTR-000001

    Group
  • SRG-NET-000018-RTR-000002

    Group
  • SRG-NET-000018-RTR-000003

    Group
  • The Juniper BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).

    Accepting route advertisements belonging to the local AS can result in traffic looping, being black holed, or at a minimum using a nonoptimized path.
    Rule Medium Severity
  • SRG-NET-000018-RTR-000004

    Group
  • SRG-NET-000018-RTR-000005

    Group
  • The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).

    Advertisement of routes by an AS for networks that do not belong to any of its customers pulls traffic away from the authorized network. This causes a denial of service (DoS) on the network that al...
    Rule Medium Severity
  • SRG-NET-000018-RTR-000006

    Group
  • SRG-NET-000018-RTR-000007

    Group
  • The Juniper router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

    Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so it does not introduc...
    Rule Medium Severity
  • SRG-NET-000019-RTR-000003

    Group
  • SRG-NET-000019-RTR-000009

    Group
