Information
The Auxiliary Port should be set as Insecure if used.
Rationale:
The Auxiliary Port on a Juniper Device is used to connect Modems and other devices to allow remote administration of the router when other connectivity is not possible.
Connections to the Auxiliary Port are treated in a very similar fashion to local Console Port connections.
Although this is a useful function, connections via the Auxiliary Port represent a less secure method of remote administration compared to services such as SSH or HTTPS so the Aux Port is Disabled by default.
Where the Auxiliary Port is absolutely required for a deployment, logins to the Auxiliary Port using the highly privileged Root or Superuser accounts should be prevented by setting the JUNOS Device's Auxiliary Port as being Insecure in order to limit the scope for abuse.
Impact:
The Auxiliary port will not permit logins using the Root or Superuser accounts.
Solution
To set the Auxiliary Port as Insecure, issue the following command from the [edit system ports] hierarchy;
[edit system ports]
user@host#set auxiliary insecure
Default Value:
Root login via the Auxiliary port is disabled by default on most platforms. If enabled, Insecure mode is not configured by default.