STIGQter: STIG Summary: Layer 2 Switch Security Requirements Guide, Version 1, Release 6, Benchmark Date: 24 Jan 2020

The layer 2 switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections.

DISA Rule

SV-76685r1_rule

Vulnerability Number

V-62195

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-L2S-000004

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to enable Unidirectional Link Detection (UDLD) to protect against one-way connections.

Note: UDLD is a Cisco-proprietary protocol. However, other switch vendors, such as 3Com, Extreme, and D-Link, have similar functionality in their products, respectively: Device Link Detection Protocol (DLDP), Extreme Link Status Monitoring (ELSM), and D-Link Unidirectional Link Detection (DULD).

Check Contents

If any of the switch ports have fiber optic interconnections with neighbors, review the switch configuration to verify that UDLD is enabled globally or on a per-interface basis.

If the switch has fiber optic interconnections with neighbors and UDLD is not enabled, this is a finding.
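The check above can be scripted against a saved running-config. The following is an added example, not part of the STIG or STIGQter: it assumes Cisco IOS syntax (`udld enable` / `udld aggressive` globally, `udld port [aggressive|disable]` per interface), a constructed config excerpt, and an operator-supplied inventory of which ports are fiber-connected (the config alone does not reveal media type).

```python
import re

# Constructed sample of a Cisco IOS running-config excerpt (not from the STIG).
SAMPLE_CONFIG = """\
!
udld enable
!
interface GigabitEthernet1/0/1
 description uplink to core (fiber)
 udld port aggressive
!
interface GigabitEthernet1/0/2
 description uplink to distribution (fiber)
 udld port disable
!
interface GigabitEthernet1/0/3
 description access port (copper)
!
"""

# Constructed inventory: ports with fiber optic interconnections to neighbors.
FIBER_PORTS = {"GigabitEthernet1/0/1", "GigabitEthernet1/0/2"}


def parse_udld(config):
    """Return (global_enabled, {interface: per-port udld setting or None})."""
    global_enabled = False
    per_port = {}
    current = None
    for line in config.splitlines():
        # Global 'udld enable' or 'udld aggressive' covers all fiber ports.
        if re.match(r"^udld (enable|aggressive)\b", line):
            global_enabled = True
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = m.group(1)
            per_port[current] = None
            continue
        m = re.match(r"^\s+udld port(?: (aggressive|disable))?\s*$", line)
        if m and current:
            per_port[current] = m.group(1) or "normal"
    return global_enabled, per_port


def udld_findings(config, fiber_ports):
    """Return fiber ports on which UDLD is not in effect (empty list == no finding)."""
    global_enabled, per_port = parse_udld(config)
    findings = []
    for port in sorted(fiber_ports):
        setting = per_port.get(port)
        # 'udld port disable' overrides the global setting on that port; otherwise
        # the port is covered either globally or by 'udld port [aggressive]'.
        if setting == "disable" or (setting is None and not global_enabled):
            findings.append(port)
    return findings
```

With the sample config, GigabitEthernet1/0/2 is reported because its per-port `udld port disable` overrides the global `udld enable`.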

Documentable

False

Severity Override Guidance

If any of the switch ports have fiber optic interconnections with neighbors, review the switch configuration to verify that UDLD is enabled globally or on a per-interface basis.

If the switch has fiber optic interconnections with neighbors and UDLD is not enabled, this is a finding.

Check Content Reference

M

Target Key

2917

Comments