The Dell OS10 BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.

An XCCDF Rule

Description

If the same keys are used between eBGP neighbors, the chance of a hacker compromising any of the BGP sessions increases. It is possible that a malicious user exists in one autonomous system who would know the key used for the eBGP session. This user would then be able to hijack BGP sessions with other trusted neighbors.

ID: SV-269883r1052034_rule
Version: OS10-RTR-000550
Severity: Medium
References: CCI-001184
Updated: about 2 months ago

Remediation Templates

Configure unique keys for each AS that the router peers with.

OS10(config)# interface vlan 400
OS10(conf-if-vl-400)# ipv6 ospf 10 area 0.0.0.1
OS10(conf-if-vl-400)# ipv6 ospf authentication ipsec spi 4018 sha1 1234567890123456789012345678901234567890
OS10(conf-if-vl-400)# ip ospf 1 area 0.0.0.1OS10(conf-if-vl-400)# ip ospf message-digest-key 1 md5 $$9d5679ab0b6ff43439c05e8059fefcccf05a20062d9679720bdecd630843c545
OS10(conf-if-vl-400)# exit

The Dell OS10 BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.

Description

Remediation Templates

A Manual Procedure