NET1637 - The network element must only allow management connections from hosts residing in to the management network - Loopback filter ssh

Information

Remote administration is inherently dangerous because anyone with a sniffer and access to the right LAN segment, could acquire the device account and password information. With this intercepted information they could gain access to the infrastructure and cause denial of service attacks, intercept sensitive information, or perform other destructive actions.

Solution

Configure an ACL or filter to restrict management access to the device from only the management network.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Infrastructure_Router_L3_Switch_V8R27_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7, CAT|II, Rule-ID|SV-15450r3_rule, STIG-ID|NET1637, Vuln-ID|V-5611

Plugin: Juniper

Control ID: 553681ddcd86277a01cf705430a11f5beff16b0fac343deab40efe43f6250890