STIGQter: STIG Summary: SEL-2740S L2S Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:

The SEL-2740S -must be configured to limit excess bandwidth and denial of service (DoS) attacks.

DISA Rule

SV-102403r1_rule

Vulnerability Number

V-92315

Group Title

SRG-NET-000193-L2S-000020

Rule Version

SELS-SW-000050

Severity

CAT II

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Add a flow meter rule to ensure mission-critical traffic will not be impacted.

For adding an SEL-2740S Flow Meter, do the following:
1. Log in to OTSDN Controller using Permission Level 3.
2. Under "Meter Entry" General Settings, select "Meter ID", "Measurement Type", and "Burst Size".
3. Add meter rule to SEL-2740S Flow Rules that require monitoring.

Check Contents

Review the SEL-2740S to ensure that the meter rules and priorities are in place to ensure mission-critical traffic will not be impacted by increased traffic or bandwidth issues.

If the SEL-2740S is not configured with meters and priorities necessary for mission-critical packets, this is a finding.

Vulnerability Number

V-92315

Documentable

False

Rule Version

SELS-SW-000050

Severity Override Guidance

Review the SEL-2740S to ensure that the meter rules and priorities are in place to ensure mission-critical traffic will not be impacted by increased traffic or bandwidth issues.

If the SEL-2740S is not configured with meters and priorities necessary for mission-critical packets, this is a finding.

Check Content Reference

M

Target Key

3385

Comments