III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-NET-000192-RTR-000002
Group -
The Juniper PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain.
VPLS defines an architecture that delivers Ethernet multipoint services over an MPLS network. Customer layer 2 frames are forwarded across the MPLS core via pseudowires using IEEE 802.1q Ethernet b...Rule Medium Severity -
SRG-NET-000193-RTR-000001
Group -
The Juniper MPLS router with RSVP-TE enabled must be configured to enable refresh reduction features.
RSVP-TE can be used to perform constraint-based routing when building LSP tunnels within the network core that will support QoS and traffic engineering requirements. RSVP-TE is also used to enable ...Rule Low Severity -
SRG-NET-000193-RTR-000002
Group -
The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces.
A traffic storm occurs when packets flood a VPLS bridge, creating excessive traffic and degrading network performance. Traffic storm control prevents VPLS bridge disruption by suppressing traffic w...Rule Medium Severity -
SRG-NET-000193-RTR-000112
Group -
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.
DoS is a condition when a resource is not available for legitimate users. Packet flooding distributed denial-of-service (DDoS) attacks are referred to as volumetric attacks and have the objective o...Rule Medium Severity -
SRG-NET-000193-RTR-000113
Group -
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.
Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network re...Rule Low Severity -
SRG-NET-000193-RTR-000114
Group -
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network re...Rule Low Severity -
SRG-NET-000202-RTR-000001
Group -
The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception.
A deny-all, permit-by-exception network communications traffic policy ensures that only connections that are essential and approved are allowed. This requirement applies to both inbound and outbou...Rule High Severity -
SRG-NET-000205-RTR-000001
Group -
The Juniper router must be configured to restrict traffic destined to itself.
The routing engine (RE) handles traffic destined to the router—the key component used to build forwarding paths and is also instrumental with all network management functions. Hence, any disruption...Rule High Severity -
SRG-NET-000205-RTR-000002
Group -
The Juniper router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.
Fragmented ICMP packets can be generated by hackers for denial-of-service (DoS) attacks such as Ping O' Death and Teardrop. It is imperative that all fragmented ICMP packets are dropped.Rule Medium Severity -
SRG-NET-000205-RTR-000003
Group -
The Juniper perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Vulnerability assessments must be reviewed by the System Administrator, and protocols must be approved by the Information Assurance (IA) staff before entering the enclave. Stateless firewall filte...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.