STIGQter: STIG Summary: SEL-2740S L2S Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:

The SEL-2740S must be configured to prevent packet flooding and bandwidth saturation.

DISA Rule

SV-102409r1_rule

Vulnerability Number

V-92321

Group Title

SRG-NET-000362-L2S-000024

Rule Version

SELS-SW-000130

Severity

CAT II

CCI(s)

CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

Fix Recommendation

Add a flow meter rule to prevent packet flooding and bandwidth saturation.

To add an SEL-2740S Flow Meter, do the following:
1. Log on to OTSDN Controller using Permission Level 3.
2. Under "Meter Entry" General settings, select "Meter ID", "Measurement Type", and "Burst Size".
3. Add meter rule to SEL-2740S Flow Rules that require monitoring.

Check Contents

Review the SEL-2740S flows to ensure the meter rules are in place to prevent packet flooding and bandwidth saturation.

If the switch is not configured to prevent packet flooding, this is a finding.

Vulnerability Number

V-92321

Documentable

False

Rule Version

SELS-SW-000130

Severity Override Guidance

Review the SEL-2740S flows to ensure the meter rules are in place to prevent packet flooding and bandwidth saturation.

If the switch is not configured to prevent packet flooding, this is a finding.

Check Content Reference

Target Key

3385

The SEL-2740S must be configured to prevent packet flooding and bandwidth saturation.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments