Infrastructure Router Security Technical Implementation Guide Juniper (Version: 8, Release: 29, Benchmark Date: 25 Jan 2019)

The network element must authenticate all BGP peers within the same or between autonomous systems (AS).

DISA Rule

SV-41556r2_rule

Vulnerability Number

V-31285

Group Title

BGP must authenticate all peers.

Rule Version

NET0408

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the device to authenticate all BGP peers.

Check Contents

Review the router configuration to determine whether authentication is being used for all peers. An authentication key should be defined for each BGP neighbor, regardless of the autonomous system to which the peer belongs, as shown in the following example:

protocols bgp {
    group external-peers {
        type external;
        neighbor 171.69.232.90 {
            peer-as 200;
            authentication-key xxxxx;
        }
        neighbor 171.69.232.100 {
            peer-as 300;
            authentication-key xxxxx;
        }
    }
}

Note: The authentication-key statement can be applied at the BGP level, at the group level, or at the neighbor level.
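
The check above can be run against a saved configuration. The following is an added example, not part of the STIG or of any Juniper tooling: it walks the curly-brace configuration, honours inheritance of authentication-key from the BGP, group, or neighbor level, and lists neighbors that have no key at any level. The function name, the internal-peers group and the 10.0.0.2 address are constructed for illustration.

```python
import re

# Constructed sample: the page's example with one key removed, plus a
# hypothetical group that sets the key once at the group level.
SAMPLE = """
protocols bgp {
    group external-peers {
        type external;
        neighbor 171.69.232.90 {
            peer-as 200;
            authentication-key xxxxx;
        }
        neighbor 171.69.232.100 {
            peer-as 300;
        }
    }
    group internal-peers {
        authentication-key xxxxx;
        neighbor 10.0.0.2;
    }
}
"""

def unauthenticated_bgp_neighbors(config):
    """Return [(group, neighbor)] for BGP neighbors with no authentication-key
    at the neighbor, group, or BGP level."""
    stack = []      # names of the currently open blocks
    keyed = set()   # block paths that contain an authentication-key statement
    neighbors = []  # (block path including the neighbor itself, address)
    for raw in config.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            if m := re.fullmatch(r"neighbor (\S+)", stack[-1]):
                neighbors.append((tuple(stack), m.group(1)))
        elif line == "}":
            del stack[-1:]
        elif line.startswith("authentication-key "):
            keyed.add(tuple(stack))
        elif m := re.fullmatch(r"neighbor (\S+);", line):  # neighbor with no body
            neighbors.append((tuple(stack) + (line[:-1],), m.group(1)))
    findings = []
    for path, addr in neighbors:
        if not " ".join(path).startswith("protocols bgp "):
            continue
        # A key on any enclosing block is inherited by the neighbor.
        if not any(path[:i] in keyed for i in range(1, len(path) + 1)):
            group = next((p.split()[1] for p in path if p.startswith("group ")), None)
            findings.append((group, addr))
    return findings
```

Both the collapsed form shown on this page (protocols bgp {) and the fully nested form (protocols { bgp { ... } }) are accepted; an empty result means every neighbor in the file has a key at some level.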

Documentable

False

Severity Override Guidance

Review the router configuration to determine whether authentication is being used for all peers. An authentication key should be defined for each BGP neighbor, regardless of the autonomous system to which the peer belongs, as shown in the following example:

protocols bgp {
    group external-peers {
        type external;
        neighbor 171.69.232.90 {
            peer-as 200;
            authentication-key xxxxx;
        }
        neighbor 171.69.232.100 {
            peer-as 300;
            authentication-key xxxxx;
        }
    }
}

Note: The authentication-key statement can be applied at the BGP level, at the group level, or at the neighbor level.

Check Content Reference

M

Target Key

510

Comments