STIGQter: STIG Summary: Juniper Router NDM Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jul 2020:

The Juniper router must be configured to limit the number of concurrent management sessions to an organization-defined number.

DISA Rule

SV-101193r1_rule

Vulnerability Number

V-91093

Group Title

SRG-APP-000001-NDM-000200

Rule Version

JUNI-ND-000010

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the router to limit the number of concurrent sessions as shown in the example below:

[edit system services]
set ssh connection-limit 2
set ssh max-sessions-per-connection 1

Check Contents

Note: This requirement is not applicable to file transfer actions such as SCP and SFTP.

Review the router configuration to determine if concurrent SSH sessions are limited as shown in the example below:

system {
    services {
        ssh {
            max-sessions-per-connection 1;
            connection-limit 2;
        }
    }
}

Note: max-sessions-per-connection must be set to 1 so that each SSH connection carries a single session; the total number of concurrent sessions is then bounded by connection-limit.

If the router is not configured to limit the number of concurrent sessions, this is a finding.
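The following is an added example, not part of the STIG or of STIGQter, showing how a reviewer could automate this check against the curly-brace configuration output shown above. It parses the [system services ssh] stanza and reports a finding when connection-limit is absent or exceeds the organization-defined maximum, or when max-sessions-per-connection is not 1. The sample configurations are constructed, and the default maximum of 2 connections is an assumption taken from the STIG's own example; substitute the organization-defined value.

```python
import re
from typing import Optional

# Constructed sample Junos configuration excerpts (not captured from any real device).
COMPLIANT_CONFIG = """
system {
    host-name edge-rtr-1;
    services {
        ssh {
            max-sessions-per-connection 1;
            connection-limit 2;
        }
    }
}
"""

# Constructed non-compliant sample: no connection-limit, and several sessions per connection.
NONCOMPLIANT_CONFIG = """
system {
    services {
        ssh {
            max-sessions-per-connection 4;
        }
    }
}
"""


def extract_ssh_stanza(config: str) -> Optional[str]:
    """Return the statements inside system > services > ssh { ... }, or None if absent."""
    path = []              # stanza names from the root down to the current block
    body = []              # statement lines collected while inside the ssh block
    capturing = False
    depth_at_capture = 0
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
            if path == ["system", "services", "ssh"]:
                capturing = True
                depth_at_capture = len(path)
                continue
        elif line == "}":
            # Closing brace of the ssh block itself ends the capture.
            if capturing and len(path) == depth_at_capture:
                return "\n".join(body)
            if path:
                path.pop()
            continue
        if capturing:
            body.append(line)
    return None


def check_concurrent_session_limit(config: str, max_connections: int = 2) -> dict:
    """Evaluate JUNI-ND-000010 against a configuration; max_connections is the
    organization-defined limit (2 assumed here, as in the STIG example)."""
    result = {
        "compliant": False,
        "connection_limit": None,
        "max_sessions_per_connection": None,
        "findings": [],
    }
    stanza = extract_ssh_stanza(config)
    if stanza is None:
        result["findings"].append("no [edit system services ssh] stanza present")
        return result

    m = re.search(r"^connection-limit\s+(\d+);", stanza, re.M)
    if m:
        result["connection_limit"] = int(m.group(1))
    m = re.search(r"^max-sessions-per-connection\s+(\d+);", stanza, re.M)
    if m:
        result["max_sessions_per_connection"] = int(m.group(1))

    limit = result["connection_limit"]
    if limit is None:
        result["findings"].append("connection-limit is not configured")
    elif limit > max_connections:
        result["findings"].append(
            f"connection-limit {limit} exceeds organization-defined maximum {max_connections}"
        )

    sessions = result["max_sessions_per_connection"]
    if sessions != 1:
        result["findings"].append(
            f"max-sessions-per-connection must be 1 (found {sessions})"
        )

    result["compliant"] = not result["findings"]
    return result


if __name__ == "__main__":
    for label, cfg in (("compliant", COMPLIANT_CONFIG), ("noncompliant", NONCOMPLIANT_CONFIG)):
        print(label, check_concurrent_session_limit(cfg))
```

Feed the function the output of `show configuration system services ssh` (in display-set form the same two statements appear as `set` lines, which this brace parser does not handle). Any non-empty findings list corresponds to the "this is a finding" outcome above.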

Severity Override Guidance

Check Content Reference

M

Target Key

3381

Comments