STIGQter: STIG Summary: Juniper SRX Services Gateway ALG Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The Juniper SRX Services Gateway Firewall must not be configured as an NTP server since providing this network service is unrelated to the role as a firewall.

DISA Rule

SV-214524r557389_rule

Vulnerability Number

V-214524

Group Title

SRG-NET-000131-ALG-000086

Rule Version

JUSX-AG-000084

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Delete NTP options from the zone and interface commands. Re-enter the set security zone command without the "ntp" attribute. The exact command entered depends on how the zone is configured with the authorized attributes, services, and options.

Examples:

[edit]
set security zones security-zone <zone-name> interfaces <interface-name> host-inbound-traffic

Check Contents

Check both the zones and the interface stanza to ensure NTP is not configured as a service option.

[edit]
show security zones

and, for each interface used, enter:

show security zones <zone-name> interface <interface-name>

If NTP is included in any of the zone or interface stanzas, this is a finding.
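The same check can be run offline against a configuration exported in "display set" form. The script below is an added example, not part of the STIG text; the sample configuration is constructed, and marking "all" or "any-service" without an "ntp except" entry for review is an assumption that goes beyond the literal check above.

```python
import re
from collections import defaultdict

# Constructed sample: SRX configuration in "display set" form (not from a real device).
SAMPLE_CONFIG = """\
set security zones security-zone trust host-inbound-traffic system-services ssh
set security zones security-zone trust host-inbound-traffic system-services ntp
set security zones security-zone trust interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ntp
set security zones security-zone dmz host-inbound-traffic system-services all
set security zones security-zone dmz host-inbound-traffic system-services ntp except
set security zones security-zone mgmt host-inbound-traffic system-services all
set system ntp server 192.0.2.10
"""

# Matches zone-level and interface-level host-inbound system-services lines.
LINE_RE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+)"
    r"(?: interfaces (?P<iface>\S+))?"
    r" host-inbound-traffic system-services (?P<svc>\S+)(?P<exc> except)?\s*$"
)

def audit_ntp(config_text):
    """Map (zone, interface or None) to "finding" or "review" for stanzas exposing NTP."""
    allowed, excepted = defaultdict(set), defaultdict(set)
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["zone"], m["iface"])
            (excepted if m["exc"] else allowed)[key].add(m["svc"])
    results = {}
    for key, services in allowed.items():
        if "ntp" in services:
            # NTP explicitly listed: a finding under V-214524.
            results[key] = "finding"
        elif services & {"all", "any-service"} and "ntp" not in excepted[key]:
            # Assumption: a blanket allowance also admits NTP, so mark it for manual review.
            results[key] = "review"
    return results

if __name__ == "__main__":
    for (zone, iface), status in audit_ntp(SAMPLE_CONFIG).items():
        where = f"zone {zone}" + (f", interface {iface}" if iface else "")
        print(f"{status.upper()}: NTP permitted as a host-inbound service in {where}")
```

The "set system ntp server" line is deliberately not matched: it configures the device as an NTP client, which this rule does not prohibit.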

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4004

Comments