Information
Logging changes to the BGP peering relationships is recommended.
Rationale:
A logged change in a routing peer relationship indicates, in the best case, a service issue caused by ordinary operational problems (loss of connectivity and so on); in the worst case, it may indicate malicious activity attempting to subvert the peering relationship and/or the routing table.
Impact:
Errors in adjacency relationships are a common early-warning sign of attacks on routers. If such an attack succeeds, a malicious actor can advertise bogus routes for valid hosts or networks, allowing traffic intended for those hosts or subnets to be intercepted and modified.
For this reason it is important that OSPF endpoints alert on any interruption in adjacency.
Solution
Enabling adjacency logging takes a single line in the OSPF process configuration. It applies to all OSPF neighbors of that process.
switch(config)# router ospf <Process tag>
switch(config-router)# log-adjacency-changes
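As an added example (not part of the benchmark text), a small Python audit that checks a saved running-config for the statement above under every router ospf stanza and reports the remediation commands for processes that lack it. The sample configuration is constructed, and the parser assumes NX-OS/IOS-style output in which sub-commands are indented beneath the router ospf line.

```python
import re

# Constructed sample running-config (not from the page): process "1" is
# compliant, process "BACKBONE" is missing log-adjacency-changes.
SAMPLE_CONFIG = """\
hostname core-sw1
!
router ospf 1
  router-id 10.0.0.1
  log-adjacency-changes
  area 0.0.0.0 authentication message-digest
router ospf BACKBONE
  router-id 10.0.0.2
!
interface Ethernet1/1
  ip router ospf 1 area 0.0.0.0
"""


def ospf_processes(config: str) -> dict:
    """Return {process_tag: [sub-command lines]} for each router ospf stanza.

    Sub-commands are recognised by leading whitespace; the first
    non-indented line (e.g. '!' or 'interface ...') closes the stanza.
    """
    procs, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^router ospf (\S+)\s*$", raw)
        if m:
            current = m.group(1)
            procs[current] = []
        elif current is not None and raw.startswith(" "):
            procs[current].append(raw.strip())
        else:
            current = None
    return procs


def audit_log_adjacency(config: str) -> dict:
    """Map each OSPF process tag to True when log-adjacency-changes is set.

    startswith() also accepts the 'log-adjacency-changes detail' variant.
    """
    return {tag: any(line.startswith("log-adjacency-changes") for line in lines)
            for tag, lines in ospf_processes(config).items()}


def remediation(config: str) -> list:
    """Config lines that bring every non-compliant process into line."""
    cmds = []
    for tag, ok in audit_log_adjacency(config).items():
        if not ok:
            cmds += [f"router ospf {tag}", "  log-adjacency-changes"]
    return cmds


if __name__ == "__main__":
    print(audit_log_adjacency(SAMPLE_CONFIG))
    print("\n".join(remediation(SAMPLE_CONFIG)))
```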
Default Value:
By default, changes in OSPF adjacencies are not logged.
Item Details
Category: ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY
References: 800-53|AC-18, 800-53|AC-18(1), 800-53|AC-18(3), 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SI-4, 800-53|SI-4(4), CSCv7|11
Control ID: 9541ac9093b9d536ddf9dd8c0cd14e08bc17c0ff51b00d2da2df6fbb4e5b186b