STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:SV-216664r531086_rule
V-216664
SRG-NET-000364-RTR-000109
CISC-RT-000260
CAT II
10
This requirement is not applicable for the DODIN Backbone.
Configure the router to allow only incoming communications from authorized sources to be routed to authorized destinations.
R1(config)#ip access-list extended FILTER_PERIMETER
R1(config-ext-nacl)#nn permit udp host x.12.1.9 host x.12.1.21 eq ntp
R1(config-ext-nacl)#end
This requirement is not applicable for the DODIN Backbone.
Review the router configuration to determine if the router allows only incoming communications from authorized sources to be routed to authorized destinations. The hypothetical example below allows inbound NTP from server x.1.12.9 only to host x.12.1.21.
ip access-list extended FILTER_PERIMETER
permit tcp any any established
…
…
…
permit udp host x.12.1.9 host x.12.1.21 eq ntp
deny ip any any log-input
If the router does not restrict incoming communications to allow only authorized sources and destinations, this is a finding.
V-216664
False
CISC-RT-000260
This requirement is not applicable for the DODIN Backbone.
Review the router configuration to determine if the router allows only incoming communications from authorized sources to be routed to authorized destinations. The hypothetical example below allows inbound NTP from server x.1.12.9 only to host x.12.1.21.
ip access-list extended FILTER_PERIMETER
permit tcp any any established
…
…
…
permit udp host x.12.1.9 host x.12.1.21 eq ntp
deny ip any any log-input
If the router does not restrict incoming communications to allow only authorized sources and destinations, this is a finding.
M
4028