STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces.

DISA Rule

SV-207155r604135_rule

Vulnerability Number

V-207155

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-RTR-000115

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Disable ICMP redirects on all external interfaces.

Check Contents

Review the device configuration to determine if controls have been defined to ensure the router does not send ICMP Redirect messages out to any external interfaces.

If ICMP Redirect messages are enabled on any external interfaces, this is a finding.

Vulnerability Number

V-207155

Documentable

False

Rule Version

SRG-NET-000362-RTR-000115

Severity Override Guidance

Review the device configuration to determine if controls have been defined to ensure the router does not send ICMP Redirect messages out to any external interfaces.

If ICMP Redirect messages are enabled on any external interfaces, this is a finding.

Check Content Reference

M

Target Key

2917

Comments