Detections
Analytics

Item Search

NameAudit NamePluginCategory
Interior routing protocols are not authenticated - 'RIP Check'DISA STIG Cisco Infrastructure Router v8r29Cisco
NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-MCAST-010 - No Admin-local or Site-local boundary - ip access-list standard - 'deny 239'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-SRVFRM-003 - ACLs must restrict access to server VLANsDISA STIG Cisco Infrastructure Router v8r29Cisco
NET-TUNL-012 - Tunnel Default Router ConfiguredDISA STIG Cisco Infrastructure Router v8r29Cisco
NET-TUNL-017 - ISATAP tunnels must terminate at interior routerDISA STIG Cisco Infrastructure Router v8r29Cisco
NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Interface Check - authentication key-chain)'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Interface Check - isis authentication key-chain)'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication mode)'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0400 - Interior routing protocols are not authenticated - 'RIPv2 (Key-Chain Check)'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0422 - Keys expiration exceeds 180 days.DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite - Key 1'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite - Key 2'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite - Key 1'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0433 - The device is not authenticated using a AAA server - 'aaa authentication login'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0433 - The device is not authenticated using a AAA server - 'line con - authentication'DISA STIG Cisco Infrastructure Router v8r29Cisco

IDENTIFICATION AND AUTHENTICATION

NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties.DISA STIG Cisco Infrastructure Router v8r29Cisco
NET0724 - TCP Keep-Alives must be enabledDISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0726 - Identification support is enabled.DISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT

NET0730 - The finger service is not disabledDISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT

NET0744 - BSDr commands are not disabled - rcp-enableDISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT

NET0744 - BSDr commands are not disabled - rsh-enableDISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT

NET0760 - Configuration auto-loading must be disabled - 'book network'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND INFORMATION INTEGRITY

NET0790 - IP directed broadcast is not disabled.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0812 - Two NTP servers are not used to synchronize time - 'Second NTP Server'DISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

NET0890 - Network devices must only allow SNMPv2 access from addresses belonging to the management network.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0890 - Network devices must only allow SNMPv3 access from addresses belonging to the management network.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0890 - Network devices must restrict SNMPv2 access to the management network.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0890 - Network devices must restrict SNMPv3 access to the management network.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0894 - Network element must only allow SNMP read access - 'community RW'DISA STIG Cisco Infrastructure Router v8r29Cisco

ACCESS CONTROL

NET0894 - Network element must only allow SNMP read access - 'SNMP v3 auth'DISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

NET0894 - Network element must only allow SNMP read access - 'SNMP v3 priv|noauth'DISA STIG Cisco Infrastructure Router v8r29Cisco

CONFIGURATION MANAGEMENT

NET0897 - RADIUS Authentication traffic does not use loopback interface.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0897 - TACACS Authentication traffic does not use loopback interface.DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0899 - NTP traffic is not using loopback addressDISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL permit'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0989 - Management traffic leaks into the managed network - 'access-list OOBM_INGRESS_ACL permit'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0993 - The management interface is not IGP passiveDISA STIG Cisco Infrastructure Router v8r29Cisco
NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit'DISA STIG Cisco Infrastructure Router v8r29Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET1021 - The network element must log all messages except debugging. - 'Logging buffered'DISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

NET1021 - The network element must log all messages except debugging. - 'Logging console notifications'DISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

NET1021 - The network element must log all messages except debugging. - 'Logging LOGGING_HOST_IP'DISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

NET1021 - The network element must log all messages except debugging. - 'Logging on'DISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

NET1639 - Management connection does not timeoutDISA STIG Cisco Infrastructure Router v8r29Cisco

ACCESS CONTROL

NET1640 - Management connections must be logged - login successDISA STIG Cisco Infrastructure Router v8r29Cisco

AUDIT AND ACCOUNTABILITY

Network element must only allow SNMP read accessDISA STIG Cisco Infrastructure Router v8r29Cisco
SNMPv2 with ACL is configured Check for ACL ConfigurationDISA STIG Cisco Infrastructure Router v8r29Cisco