STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021

The Juniper SRX Services Gateway must implement replay-resistant authentication mechanisms for network access to privileged accounts.

DISA Rule

SV-223216r513337_rule

Vulnerability Number

V-223216

Group Title

SRG-APP-000156-NDM-000250

Rule Version

JUSX-DM-000124

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure SSH to use a replay-resistant authentication mechanism. The following is an example stanza.

[edit]
set system services ssh macs hmac-sha2-512
set system services ssh macs hmac-sha2-256
set system services ssh macs hmac-sha1
set system services ssh macs hmac-sha1-96

Check Contents

Verify SSH is configured to use a replay-resistant authentication mechanism.

[edit]
show system services ssh

If SSH is not configured to use the MAC authentication protocol, this is a finding.
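
The check above can be automated against saved device output. The following is an added example, not part of the STIG or of STIGQter: it parses the text returned by `show system services ssh` (hierarchical form, or the `set` form) and reports a finding when no MAC is configured. The function names and the sample outputs are assumptions constructed for illustration.

```python
import re

# MACs that appear in the example stanza of the Fix Recommendation.
STIG_EXAMPLE_MACS = {"hmac-sha2-512", "hmac-sha2-256", "hmac-sha1", "hmac-sha1-96"}


def parse_ssh_macs(config_text):
    """Return the MACs configured for SSH, in order, without duplicates.

    Accepts hierarchical output ('macs [ a b ];' or 'macs a;') and
    set-style output ('set system services ssh macs a').
    """
    macs = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Skip comments and statements shown as deactivated.
        if line.startswith(("#", "inactive:")):
            continue
        m = re.match(r"(?:set system services ssh )?macs\s+(.+?);?$", line)
        if not m:
            continue
        for name in m.group(1).replace("[", " ").replace("]", " ").split():
            if name not in macs:
                macs.append(name)
    return macs


def check_jusx_dm_000124(config_text):
    """Apply the Check Contents rule: no SSH MAC configured is a finding."""
    macs = parse_ssh_macs(config_text)
    return {
        "rule": "JUSX-DM-000124",
        "finding": not macs,
        "macs": macs,
        # Informational only: MACs outside the STIG's example stanza.
        "not_in_stig_example": [m for m in macs if m not in STIG_EXAMPLE_MACS],
    }


# Constructed sample outputs (not captured from a real device).
HIERARCHICAL = "protocol-version v2;\nmacs [ hmac-sha2-512 hmac-sha2-256 ];\n"
SET_FORM = ("set system services ssh root-login deny\n"
            "set system services ssh macs hmac-sha2-512\n"
            "set system services ssh macs hmac-md5\n")
NO_MACS = "root-login deny;\nprotocol-version v2;\n"

if __name__ == "__main__":
    for label, text in (("hierarchical", HIERARCHICAL),
                        ("set form", SET_FORM), ("no macs", NO_MACS)):
        print(label, check_jusx_dm_000124(text))
```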

Documentable

False

Severity Override Guidance

Verify SSH is configured to use a replay-resistant authentication mechanism.

[edit]
show system services ssh

If SSH is not configured to use the MAC authentication protocol, this is a finding.

Check Content Reference

M

Target Key

4098
