NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL deny'

Information

Traffic from the managed network will leak into the management network via the gateway router interface connected to the OOBM backbone.

If the gateway router is not a dedicated device for the OOBM network, several safeguards must be implemented for containment of management and production traffic boundaries such as using interface ACLs or filters at the boundaries between the two networks.

NOTE: Change 'OOBM_EGRESS_ACL' to the ACL list for granting your organization's management network access to the router and to prevent the managed network from leaking into the management network.

Solution

Configure the OOBM gateway router interface ACLs to ensure traffic from the managed network does not leak into the management network.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7, CAT|II, Rule-ID|SV-19072r1_rule, STIG-ID|NET0988, Vuln-ID|V-17818

Plugin: Cisco

Control ID: 4a6395da828ead613f7722d6bc5ae9f7ac4b4f6b9bb05e6c6fe6b5f043fbe08e