STIGQter: STIG Summary: Juniper SRX SG ALG Security Technical Implementation Guide Version: 1 Release: 4 Benchmark Date: 26 Jul 2019: The Juniper SRX Services Gateway Firewall must not be configured as an NTP server since providing this network service is unrelated to the role as a firewall.

DISA Rule

SV-80803r1_rule

Vulnerability Number

V-66313

Group Title

SRG-NET-000131-ALG-000086

Rule Version

JUSX-AG-000084

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Delete NTP options from zones and interface commands. Re-enter the set security zone command without the "ntp" attribute. The exact command entered depends on how the zone is configured with the authorized attributes, services, and options.

Examples:

[edit]
set security zones security-zone <zone-name> interfaces <interface-name> host-inbound-traffic

Check Contents

Check both the zones and the interface stanza to ensure NTP is not configured as a service option.

[edit]
show security zones

and, for each interface used, enter:

show security zones <zone-name> interface <interface-name>

If NTP is included in any of the zone or interface stanzas, this is a finding.
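The check above can be run over saved configuration text. The following is an added example, not part of the STIG or of STIGQter: the function names are hypothetical, the sample configuration (zone and interface names included) is constructed, and it assumes NTP appears as an `ntp` entry under `host-inbound-traffic system-services`, in either brace-style or `set`-style output.

```python
# SAMPLE_CONFIG is constructed: brace-style output followed by one "set"-style line.

SAMPLE_CONFIG = """
security-zone trust {
    host-inbound-traffic {
        system-services {
            ssh;
            ntp;
        }
    }
    interfaces {
        ge-0/0/0.0 {
            host-inbound-traffic {
                system-services {
                    all;
                    ntp {
                        except;
                    }
                }
            }
        }
    }
}
set security zones security-zone dmz interfaces ge-0/0/2.0 host-inbound-traffic system-services ntp
"""

def _locate(tokens):
    """Pull the zone and (optional) interface name out of a token path."""
    def after(keyword):
        return tokens[tokens.index(keyword) + 1] if keyword in tokens[:-1] else None
    return (after("security-zone"), after("interfaces"))

def find_ntp_findings(config_text):
    """Return sorted (zone, interface) pairs; interface is None for zone-level NTP."""
    findings, stack = set(), []   # stack: enclosing brace blocks, outermost first
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("set "):               # "set"-style line, one statement each
            tokens = line.split()
            if tokens[-2:] == ["system-services", "ntp"]:
                findings.add(_locate(tokens))
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif line == "ntp;" and stack[-1:] == ["system-services"]:
            findings.add(_locate(" ".join(stack).split()))
    return sorted(findings, key=lambda f: (f[0] or "", f[1] or ""))
```

Each returned pair is a finding under this rule; the `ntp { except; }` stanza on ge-0/0/0.0 excludes NTP and is therefore not reported.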

Documentable

False

Check Content Reference

M

Target Key

3035

Comments