SV-217031r639663_rule
V-217031
SRG-NET-000364-RTR-000109
JUNI-RT-000260
CAT II
10
This requirement is not applicable for the DoDIN Backbone.
Configure the router to allow only incoming communications from authorized sources to be routed to authorized destinations.
Review the router configuration to determine if the router allows only incoming communications from authorized sources to be routed to authorized destinations. The hypothetical example below allows inbound NTP from host x.3.12.33 only to host x.1.22.4.
filter INBOUND_FILTER {
    term ALLOW_NTP {
        from {
            source-address {
                x.3.12.33/32;
            }
            destination-address {
                x.1.22.4/32; <<< change to global address
            }
            protocol udp;
            destination-port ntp;
        }
    }
}
If the router does not restrict incoming communications to allow only authorized sources and destinations, this is a finding.
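One way to automate the review described above, as an added example that is not part of the STIG or of Juniper's tooling: it parses a filter stanza in the brace format shown above and reports every permitting term that lacks a specific source or destination address. The names parse and audit, the sample filter, and its documentation-range addresses are assumptions made for illustration; the input is assumed to be the bare filter stanza with any inline annotations stripped.

```python
import re
# Constructed sample filter (documentation addresses), not taken from a real router.
SAMPLE = """
filter INBOUND_FILTER {
    term ALLOW_NTP {
        from {
            source-address { 192.0.2.33/32; }
            destination-address { 198.51.100.4/32; }
            protocol udp; destination-port ntp;
        }
        then accept;
    }
    term ALLOW_SSH {
        from { source-address { 0.0.0.0/0; } protocol tcp; destination-port ssh; }
        then accept;
    }
    term DENY_REST { then discard; }
}
"""

def parse(text):
    """Parse Junos brace-style config into nested dicts; leaf statements map to None."""
    stack, pending = [{}], None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        tok = " ".join(tok.split())
        if tok == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][pending] = None
        elif tok:
            pending = tok
    return stack[0]

def audit(config):
    """Return (filter, term, field) for each permitting term whose field is absent or 'any'."""
    findings = []
    terms = [(f.split()[1], t.split()[1], body) for f, sub in config.items()
             if f.startswith("filter ") for t, body in sub.items() if t.startswith("term ")]
    for fname, tname, term in terms:
        actions = set(term.get("then") or {}) | {k[5:] for k in term if k.startswith("then ")}
        if any(a.startswith(("discard", "reject")) for a in actions):
            continue  # deny terms need no source/destination restriction
        for field in ("source-address", "destination-address"):
            prefixes = set((term.get("from") or {}).get(field) or {})
            if not prefixes or prefixes & {"0.0.0.0/0", "::/0"}:
                findings.append((fname, tname, field))
    return findings
```

Each tuple returned by audit(parse(SAMPLE)) names a term to examine manually against the list of authorized sources and destinations; an empty list means every permitting term names both.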