SV-80547r1_rule
V-66057
SRG-NET-000193-L2S-000020
HFFS-L2-000006
CAT II
10
Configure QoS policy and apply it to the control plane:
[HP] traffic classifier Net-Protocols operator and
[HP-classifier-Net-Protocols] if-match control-plane protocol icmp
[HP-classifier-Net-Protocols] quit
[HP] traffic behavior Net-Protocols
[HP-behavior-Net-Protocols] car cir 320
[HP-behavior-Net-Protocols] quit
[HP] qos policy Net-Protocols
[HP-qospolicy-Net-Protocols] classifier Net-Protocols behavior Net-Protocols
[HP-qospolicy-Net-Protocols] quit
[HP] control-plane slot 1
[HP-cp-slot1] qos apply policy Net-Protocols inbound
Note: In addition, ACLs can be deployed to address specific types of attacks based on IP, MAC, protocols and ports.
Note: By default, the HP FlexFabric Switches are configured with pre-defined control plane QoS policies, which take effect on the control planes by default.
Check if the HP FlexFabric Switch is configured to protect against known DoS attacks by implementing a control plane QoS policy to rate limit specific traffic types destined to the switch.
[HP] display qos policy control-plane pre-defined
[HP] display qos policy user-defined
If the HP FlexFabric Switch is not configured with a control plane QoS policy, this is a finding.