JUSX-VN-000008 - The Juniper SRX Services Gateway VPN must be configured to use IPsec with SHA1 or greater to negotiate hashing to protect the integrity of remote access sessions.

Information

Without strong cryptographic integrity protections, information can be altered by unauthorized users without detection.

Remote access VPN provides access to DoD non-public information systems by an authorized user (or an information system) communicating through an external, non-organization-controlled network.

Solution

The following example commands configure the IPSec proposal.

set security ipsec proposal <IPSEC-PROPOSAL-NAME> authentication-algorithm <hmac-sha-256-128 | hmac-sha-256-96 | hmac-sha1-96>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_SRX_SG_Y24M07_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|II, CCI|CCI-001453, Rule-ID|SV-214675r382846_rule, STIG-ID|JUSX-VN-000008, STIG-Legacy|SV-81139, STIG-Legacy|V-66649, Vuln-ID|V-214675

Plugin: Juniper

Control ID: 3f0fa7db71a32cac4333ffad4490fbb2836de2702139f641695be34e276db689