STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021: STIGQter: STIG Summary: Juniper Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 12 Feb 2021:SV-217070r639663_rule
V-217070
SRG-NET-000343-RTR-000001
JUNI-RT-000640
CAT II
10
Implement authentication for all targeted LDP sessions using a FIPS-approved message authentication code algorithm.
[edit security authentication-key-chains]
set key-chain LDP_KEY key 1 start-time 2018-05-01.12:00 secret xxxxxxxxxxxxx
set key-chain LDP_KEY key 2 start-time 2018-09-01.12:00 secret xxxxxxxxxxxxx
set key-chain LDP_KEY key 3 start-time 2019-01-01.12:00 secret xxxxxxxxxxxxx
[edit protocols ldp]
set session 8.8.8.8 authentication-algorithm hmac-sha-1-96 authentication-key-chain LDP_KEY
Review the router configuration to determine if LDP messages are being authenticated for the targeted LDP sessions. In the example below, the PE router is LDP peering with remote PE 8.8.8.8.
ldp {
interface ge-0/1/0.0;
interface ge-0/1/1.0;
session 8.8.8.8 {
authentication-algorithm hmac-sha-1-96;
authentication-key-chain LDP_KEY;
}
}
If authentication is not being used for the LDP targeted sessions using a FIPS-approved message authentication code algorithm, this is a finding.
V-217070
False
JUNI-RT-000640
Review the router configuration to determine if LDP messages are being authenticated for the targeted LDP sessions. In the example below, the PE router is LDP peering with remote PE 8.8.8.8.
ldp {
interface ge-0/1/0.0;
interface ge-0/1/1.0;
session 8.8.8.8 {
authentication-algorithm hmac-sha-1-96;
authentication-key-chain LDP_KEY;
}
}
If authentication is not being used for the LDP targeted sessions using a FIPS-approved message authentication code algorithm, this is a finding.
M
4032