STIGQter: STIG Summary: Juniper Router NDM Security Technical Implementation Guide Version: 1 Release: 5 Benchmark Date: 24 Jul 2020

The Juniper router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.

DISA Rule

SV-101225r1_rule

Vulnerability Number

V-91125

Group Title

SRG-APP-000142-NDM-000245

Rule Version

JUNI-ND-000470

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Disable the following services if enabled as shown in the example below.

[edit system services]
delete telnet
delete finger
delete xnm-clear-text

Check Contents

Review the services that have been enabled as shown in the following configuration example:
services {
    finger;
    telnet;
    xnm-clear-text;
    netconf {
        ssh;
    }
}

Services such as finger, telnet, and clear text-based JUNOScript connections should never be enabled. Other services such as Netconf, FTP, DHCP, and SSL-based JUNOScript connections should only be enabled if operationally required.

If the router is not configured to prohibit the use of all unnecessary and non-secure functions and services, this is a finding.
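The check above can be automated against saved configuration text. The following is an added example, not part of the STIG or of STIGQter; the function names, the `review` bucket and the sample configuration are assumptions made for illustration. It goes slightly beyond the check text by skipping statements that Junos marks as deactivated with the `inactive:` prefix.

```python
import re

# Services the check text says should never be enabled.
PROHIBITED = {"finger", "telnet", "xnm-clear-text"}
# Quoted strings and comments are single tokens so braces inside them are ignored.
TOKEN = re.compile(r'"[^"]*"|/\*.*?\*/|#[^\n]*|[{};]|[^\s{};]+', re.S)

def active_services(config, path=("system", "services")):
    """Return names of active statements directly under the stanza at `path`."""
    stack, words, found = [], [], []   # stack: (stanza name, inactive flag)
    for tok in TOKEN.findall(config):
        if tok.startswith(("/*", "#")):
            continue                   # annotation or comment
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "}":
            del stack[-1:]             # close stanza (safe on an empty stack)
        else:
            # Junos marks deactivated statements with an "inactive:" prefix.
            inactive = words[:1] == ["inactive:"]
            name = next((w for w in words if w != "inactive:"), None)
            disabled = inactive or any(off for _, off in stack)
            if name and tuple(n for n, _ in stack) == tuple(path) and not disabled:
                found.append(name)
            if tok == "{":
                stack.append((name, inactive))
        words = []
    return found

def audit(config, path=("system", "services")):
    """Split active services into findings and services to justify operationally."""
    svcs = active_services(config, path)
    return {"finding": sorted(s for s in svcs if s in PROHIBITED),
            "review": sorted(s for s in svcs if s not in PROHIBITED)}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """
system {
    host-name r1;
    services {
        finger;
        inactive: telnet;    ## deactivated, so not counted
        xnm-clear-text;
        netconf {
            ssh;
        }
    }
}
"""
```

For a bare excerpt that starts at `services {`, as in the check text, call `audit(text, path=("services",))`.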

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3381
