STIGQter: STIG Summary: HP FlexFabric Switch RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding.

DISA Rule

SV-80611r1_rule

Vulnerability Number

V-66121

Group Title

SRG-NET-000026-RTR-000031

Rule Version

HFFS-RT-000017

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the global command ip urpf strict on the switch.

Check Contents

Display the switch configuration to verify that either the command ip urpf strict has been configured or an egress filter has been configured on all internal-facing interfaces to drop all outbound packets with an illegitimate source address.
If uRPF or an egress filter to restrict the switch from accepting outbound IP packets that contain an illegitimate address in the source address field has not been configured on all internal-facing interfaces, this is a finding.

Documentable

False

Severity Override Guidance

Display the switch configuration to verify that either the command ip urpf strict has been configured or an egress filter has been configured on all internal-facing interfaces to drop all outbound packets with an illegitimate source address.
If uRPF or an egress filter to restrict the switch from accepting outbound IP packets that contain an illegitimate address in the source address field has not been configured on all internal-facing interfaces, this is a finding.

Check Content Reference

M

Target Key

2979
