STIGQter: STIG Summary: HP FlexFabric Switch RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020:

The HP FlexFabric Switch must ensure all Exterior Border Gateway Protocol (eBGP) HP FlexFabric Switches are configured to use Generalized TTL Security Mechanism (GTSM).

DISA Rule

SV-80623r1_rule

Vulnerability Number

V-66133

Group Title

SRG-NET-000191-RTR-000081

Rule Version

HFFS-RT-000023

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure all eBGP peering sessions to use GTSM.

[HP] bgp 2000
[HP-bgp] peer 192.178.19.1 as-number 2100
[HP-bgp] peer 192.178.19.1 ttl-security hops 254

Check Contents

Review the HP FlexFabric Switch configuration.

If the HP FlexFabric Switch is not configured to use GTSM for all eBGP peering sessions, this is a finding.

[HP] display current-configuration
#
bgp 2000
graceful-restart
peer 10.10.10.1 as-number 2000
peer 10.10.10.1 ttl-security hops 254
peer 201.6.1.193 as-number 1473
peer 201.6.1.193 route-update-interval 0
peer 201.6.1.193 password cipher $c$3$6jyBDW1nVs/F0410R54zhmhD1HYhs5I=
peer 2115:B:1::C1 as-number 1473
peer 2115:B:1::C1 route-update-interval 0

Vulnerability Number

V-66133

Documentable

False

Rule Version

HFFS-RT-000023

Severity Override Guidance

Review the HP FlexFabric Switch configuration.

If the HP FlexFabric Switch is not configured to use GTSM for all eBGP peering sessions, this is a finding.

[HP] display current-configuration
#
bgp 2000
graceful-restart
peer 10.10.10.1 as-number 2000
peer 10.10.10.1 ttl-security hops 254
peer 201.6.1.193 as-number 1473
peer 201.6.1.193 route-update-interval 0
peer 201.6.1.193 password cipher $c$3$6jyBDW1nVs/F0410R54zhmhD1HYhs5I=
peer 2115:B:1::C1 as-number 1473
peer 2115:B:1::C1 route-update-interval 0

Check Content Reference

M

Target Key

2979

Comments