CSCv7|11

Title

Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

Name | Plugin | Audit Name
1.1.1 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.1.2 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.6 Ensure maximum RAM is installed | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
1.6.1 Ensure 'Verify Update Server Identity' is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.6.1 Ensure 'Verify Update Server Identity' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.8 Ensure Retired JUNOS Devices are Disposed of Securely | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.1 Ensure a fully-synchronized High Availability peer is configured | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.1 Ensure a fully-synchronized High Availability peer is configured | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
3.1.2 Set 'no ip proxy-arp' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.1.2 Set 'no ip proxy-arp' | Cisco | CIS Cisco IOS 12 L2 v4.0.0
3.1.3 Set 'no interface tunnel' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | Cisco | CIS Cisco NX-OS L1 v1.1.0
3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | Cisco | CIS Cisco NX-OS L2 v1.1.0
3.1.3.3 Log OSPF Adjacency Changes | Cisco | CIS Cisco NX-OS L1 v1.1.0
3.1.4 Set 'ip verify unicast source reachable-via' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
3.2.1 Ensure VRRP authentication-key is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.2 Set inbound 'ip access-group' on the External Interface | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | Cisco | CIS Cisco NX-OS L1 v1.1.0
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election Setings | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election Setings | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Passive Link State | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Passive Link State | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
3.3.1 Configure DHCP Trust | Cisco | CIS Cisco NX-OS L1 v1.1.0
3.3.1.1 Set 'key chain' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.2 Set 'key' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.3 Set 'key-string' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.4 Set 'address-family ipv4 autonomous-system' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.5 Set 'af-interface default' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.6 Set 'authentication key-chain' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.7 Set 'authentication mode md5' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.8 Set 'ip authentication key-chain eigrp' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.1.9 Set 'ip authentication mode eigrp' | Cisco | CIS Cisco IOS 15 L2 v4.1.1
3.3.2 Configure Storm Control | Cisco | CIS Cisco NX-OS L2 v1.1.0