The Juniper router must be configured to log all packets that have been dropped.

An XCCDF Rule

Description

<VulnDiscussion>Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done or attempted to be done, and by whom, to compile an accurate risk assessment. Auditing the actions on network devices provides a means to recreate an attack or identify a configuration mistake on the device.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253998r844027_rule
Severity: Low
References: CCI-000134
Updated: 17 days ago

Configure interface firewall filters to log all deny statements.

All discarding firewall filter terms:
<filter terms and match conditions>
set firewall family inet filter <filter name> term <name> then log
set firewall family inet filter <filter name> term <name> then syslog <<< Minimally must be configured for all discarding filter terms.set firewall family inet filter <filter name> term <name> then discard

<filter terms and match conditions>
set firewall family inet6 filter <filter name> term <name> then log
set firewall family inet6 filter <filter name> term <name> then syslog <<< Minimally must be configured for all discarding filter terms.
set firewall family inet6 filter <filter name> term <name> then discard

The Juniper router must be configured to log all packets that have been dropped.

Description

Remediation - Manual Procedure