Skip to content

Router Security Requirements Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.

    <VulnDiscussion>Vulnerability assessments must be reviewed by the System Administrator, and protocols must be approved by the Information Ass...
    Rule Medium Severity
  • SRG-NET-000205

    <GroupDescription></GroupDescription>
    Group
  • The perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.

    &lt;VulnDiscussion&gt;Access lists are used to separate data traffic into that which it will route (permitted packets) and that which it will not r...
    Rule Medium Severity
  • SRG-NET-000205

    <GroupDescription></GroupDescription>
    Group
  • The perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.

    &lt;VulnDiscussion&gt;Access lists are used to separate data traffic into that which it will route (permitted packets) and that which it will not r...
    Rule Medium Severity
  • SRG-NET-000205

    <GroupDescription></GroupDescription>
    Group
  • The BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core.

    &lt;VulnDiscussion&gt;Outbound route advertisements belonging to the core can result in traffic either looping or being black holed, or at a minimu...
    Rule Medium Severity
  • SRG-NET-000205

    <GroupDescription></GroupDescription>
    Group
  • The PE router must be configured to block any traffic that is destined to IP core infrastructure.

    &lt;VulnDiscussion&gt;IP/MPLS networks providing VPN and transit services must provide, at the least, the same level of protection against denial-o...
    Rule High Severity
  • The router must be configured to have Gratuitous ARP disabled on all external interfaces.

    &lt;VulnDiscussion&gt;A gratuitous ARP is an ARP broadcast in which the source and destination MAC addresses are the same. It is used to inform the...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules