STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 12 Feb 2021

The Juniper perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.

DISA Rule

SV-217041r639663_rule

Vulnerability Number

V-217041

Group Title

SRG-NET-000364-RTR-000111

Rule Version

JUNI-RT-000360

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Disable LLDP on all external interfaces. If necessary, remove the interface all parameter and define all internal interfaces as shown in the example below.

[edit protocols lldp]
delete interface all
set interface ge-0/1/0
set interface ge-0/1/1

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review all router configurations to ensure LLDP is not enabled on any external interface.

protocols {
    lldp {
        advertisement-interval 30;
        interface all;
    }
}

If LLDP is configured globally or on any external interface, this is a finding.
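The check above can be automated against saved `show configuration` output. The following is an added example, not part of the STIG or of any Juniper tooling; the function name, the external interface `ge-0/0/0`, and the `MIXED` sample are constructed assumptions, and the reviewer must supply the real list of external interfaces.

```python
def lldp_findings(config, external_interfaces):
    """Return STIG findings for the protocols/lldp stanza of a Junos config."""
    path, enabled, lldp_disabled = [], {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue                              # skip blanks and annotations
        if line.endswith("{"):
            name = line[:-1].strip()
            if path == ["protocols", "lldp"] and name.startswith("interface "):
                enabled[name.split()[1]] = True   # on unless "disable;" follows
            path.append(name)
        elif line == "}":
            if path:
                path.pop()
        elif path[:2] == ["protocols", "lldp"]:
            stmt = line.rstrip(";")
            if len(path) == 2 and stmt == "disable":
                lldp_disabled = True              # LLDP switched off entirely
            elif len(path) == 2 and stmt.startswith("interface "):
                enabled[stmt.split()[1]] = True
            elif (len(path) == 3 and path[2].startswith("interface ")
                  and stmt == "disable"):
                enabled[path[2].split()[1]] = False
    if lldp_disabled:
        return []
    findings = []
    if enabled.get("all"):
        findings.append("LLDP configured globally (interface all)")
    findings += [f"LLDP enabled on external interface {i}"
                 for i in external_interfaces if enabled.get(i)]
    return findings

EXTERNAL = ["ge-0/0/0"]  # constructed: site-specific list of external interfaces
# The non-compliant stanza shown in the check text.
NONCOMPLIANT = """protocols {
    lldp {
        advertisement-interval 30;
        interface all;
    }
}"""
# Result of the fix: only the internal interfaces from the fix text are listed.
FIXED = "protocols {\n lldp {\n  interface ge-0/1/0;\n  interface ge-0/1/1;\n }\n}"
# Constructed: an external interface listed explicitly, an internal one disabled.
MIXED = ("protocols {\n lldp {\n  interface ge-0/0/0;\n"
         "  interface ge-0/1/0 {\n   disable;\n  }\n }\n}")

if __name__ == "__main__":
    for label, cfg in [("before", NONCOMPLIANT), ("after", FIXED), ("mixed", MIXED)]:
        print(label, lldp_findings(cfg, EXTERNAL) or "no finding")
```

An empty list means no finding for the supplied interface list; the parser reads only the curly-brace configuration format, not `display set` output.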

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4032
