The Juniper perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
An XCCDF Rule
Description
<VulnDiscussion>Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so it does not introduce any unacceptable risk to the network infrastructure or data. An example of a flow control restriction is blocking outside traffic claiming to be from within the organization. For most routers, internal information flow control is a product of system design.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-217030r604135_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
This requirement is not applicable for the DODIN Backbone.
[edit firewall family inet]
set filter FILTER_INBOUND_TRAFFIC term TCP_ESTABLISHED from tcp-established
set filter FILTER_INBOUND_TRAFFIC term TCP_ESTABLISHED then accept
set filter FILTER_INBOUND_TRAFFIC term ALLOW_BGP from source-address x.1.12.1/32