STIGQter STIGQter: STIG Summary: Juniper SRX SG NDM Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Juniper SRX Services Gateway must configure the control plane to protect against or limit the effects of common types of Denial of Service (DoS) attacks on the device itself by configuring applicable system options and internet-options.

DISA Rule

SV-223233r513388_rule

Vulnerability Number

V-223233

Group Title

SRG-APP-000435-NDM-000315

Rule Version

JUSX-DM-000162

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the system and system-options to protect against DoS attacks.

[edit]
set system no-redirects
set system no-ping-record-route
set system no-ping-time-stamp
set system internet-options icmpv4-rate-limit packet-rate 50
set system internet-options icmpv6-rate-limit packet-rate 50
set system internet-options no-ipip-path-mtu-discovery
set system internet-options no-source-quench
set system internet-options tcp-drop-synfin-set
set system internet-options no-ipv6-path-mtu-discovery
set system internet-options no-tcp-reset drop-all-tcp

Check Contents

Verify the system options are configured to protect against DoS attacks.

[edit]
show system
show system internet-options

If the system and system-options which limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.

Vulnerability Number

V-223233

Documentable

False

Rule Version

JUSX-DM-000162

Severity Override Guidance

Verify the system options are configured to protect against DoS attacks.

[edit]
show system
show system internet-options

If the system and system-options which limit the effects of common types of DoS attacks are not configured in compliance with DoD requirements, this is a finding.

Check Content Reference

M

Target Key

4098

Comments