6.13 Ensure Autoinstallation is Set to Disabled

Information

Autoinstallation should be disabled.

Rationale:

The Autoinstallation feature allows the JUNOS Device to automatically download and apply configuration from an FTP, TFTP or HTTP server on boot, having obtained IP Address details via DHCP or BOOTP.

Autoinstallation provides an extremely useful function for rapid deployment of large numbers of devices, however Autoinstallation provides no method to authenticate the identity of the Installation Servers or validity of the supplied configuration files.

This may allow an attacker to change the device's configuration at boot (or after forcing a reboot through a DoS attack) by impersonating the DHCP, FTP, TFTP or HTTP servers or by carrying out session hijacking. This would be a multistage attack, as Autoinstallation should only be used if the device does not find an existing configuration locally - so the attacker would also need to have been able to disrupt the configuration or boot process through some other vector, but this may be viable for an attacker who already has some foothold on the device to escalate their privileges.

If successful the attacker would have gained complete control over the JUNOS Device.

Because all of the protocols used by Autoinstallation transfer data in plain text, it is trivial for an attacker to intercept the traffic and obtain a complete copy of the configuration, possibly containing authentication details to both the device and Operational Support Services.

Autoinstallation is useful during deployments of large number of devices, but due to these limitations should only be used in a tightly controlled, isolated, build environment where the authenticity of servers and configuration can be assured and snooping on sensitive details can be eliminated. Autoinstallation should never be used over untrusted or public networks, such as over the Internet.

Many JUNOS Devices have Autoinstallation enabled by default to support large deployments using the feature, but Autoinstallation should be disabled on all devices once deployed to production.

Impact:

This should have no impact on production systems, as Autoinstallation should only be used when no non-factory-default configuration is present on the JUNOS Device at boot.

Solution

To disable Autoinstallation issue the following command from the [edit system] hierarchy;

[edit system]
user@host#delete autoinstallation

Default Value:

The Autoinstallation service is enabled by default on many JUNOS Devices.

See Also

https://workbench.cisecurity.org/files/3069

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-6, 800-53|SI-4, CSCv6|11, CSCv7|9.2, CSCv7|11

Plugin: Juniper

Control ID: b36d377c25378a36d94b56ae8a809ed6c5468f0d0f2b301d82f9c0843a8fe44d