Check for RADIUS | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
Check for remote authentication server | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
Check for system default-address-selection | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
NET-IPV6-065 - The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-066 - The administrator must ensure the 6-to-4 router is configured to drop any outbound IPv6 packets from the internal network. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-001 - The administrator must ensure that PIM is disabled on all interfaces that are not required to support multicast routing. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - Interfaces | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-010 - Ensure that multicast routers are configured to establish boundaries for Admin-local or Site-local scope multicast traffic. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0340 - Network devices must display the DoD-approved logon banner warning. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0400 - The network element must authenticate all IGP peers - IS-IS authentication-key | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - The network element must authenticate all IGP peers - RIP authentication-type | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0422 - Network devices must be configured with rotating keys used for authenticating IGP peers that have a duration of 180 days or less. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
NET0433 - Network devices must use two or more authentication servers for the purpose of granting administrative access | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
NET0440 - In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0441 - Emergency administration account privilege level is not set. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0470 - Unauthorized accounts must not be configured for access to the network device. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0600 - The network element must be configured to ensure passwords are not viewable when displaying configuration information. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0742 - The router administrator will ensure FTP server is disabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
NET0802 - The router administrator will ensure ICMPv6 unreachable notifications, and redirects are disabled on all external interfaces. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0812 - The network element must use two or more NTP servers to synchronize time - NTP Server 2 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | AUDIT AND ACCOUNTABILITY |
NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers - NTP authentication-key | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
NET0820 - The network element must have DNS servers defined if it is configured as a client resolver - DNS Server 1 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0820 - The network element must have DNS servers defined if it is configured as a client resolver - DNS Server 2 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0894 - The network device must only allow SNMP read-only access - v1/v2c | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0897 - The router must use its loopback or OOB address as the source address when originating TACACS+ or RADIUS - TACACS+ | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
NET0900 - The router must use its loopback or OOB management interface address as the source address when originating SNMP traffic. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET0966 - Control plane protection is not enabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0986 - The routes from the two IGP domains are redistributed to each other - policy-options | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0987 - Traffic from the managed network is able to access the OOBM gateway router - firewall filter rules | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0988 - Traffic from the managed network will leak into the management network - OOBM Interface | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0989 - Management network traffic is leaking into the managed network - OOBM Firewall Ingress filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0989 - Management network traffic is leaking into the managed network - OOBM Interface | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0991 - The network element's OOBM interface must be configured with an OOBM network address. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
NET0992 - The management interface is not configured with both an ingress and egress ACL - Firewall Input Filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface is not configured with both an ingress and egress ACL - Firewall Output Filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface is not configured with both an ingress and egress ACL - Management Interface Input Filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface is not configured with both an ingress and egress ACL - Management Interface Output Filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1006 - Traffic entering the tunnels is not restricted to only the authorized management packets based on destination address. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1007 - Management traffic is not classified and marked at the nearest upstream MLS or router - Interfaces filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1008 - The core router has not been configured to provide preferred treatment for management traffic that must traverse several nodes. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1636 - The network device must require authentication prior to establishing a management connection for administrative access - SSH | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
NET1637 - The network element must only allow management connections from hosts residing in to the management network - Loopback filter ssh | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1638 - Management connections must be established using secure protocols with FIPS 140-2 modules - SSH macs | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1647 - The network element must not use SSH Version 1 for administrative access. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
NET1660 - The network device must use SNMPv3 Security Model with FIPS 140-2 validated cryptography - privacy-aes128 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1675 - The network device must use different SNMP community names or groups for various levels of read and write access - SNMPv3 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
NET1807 - IPSec tunnels used for management traffic must be restricted to only the authorized packets - VPN Firewall Filter source | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
OL6-00-000010 - The Oracle Linux operating system must be a vendor-supported release. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |