UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

A system used for routing must not run other network services or applications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4398 GEN005580 SV-4398r2_rule DCSP-1 Medium
Description
Installing extraneous software on a system designated as a dedicated router poses a security threat to the system and the network. Should an attacker gain access to the router through the unauthorized software, the entire network is susceptible to malicious activity.
STIG Date
AIX 5.3 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-8276r2_chk )
Ask the SA if the system is a designated router. If it is not, this is not applicable.

Check the system for non-routing network services.

Procedure:
# netstat -a | grep -i listen
# ps -ef

If non-routing services, including Web servers, file servers, DNS servers, or applications servers, but excluding management services, such as SSH and SNMP, are running on the system, this is a finding.
Fix Text (F-4309r2_fix)
Ensure only authorized software is loaded on a designated router. Authorized software will be limited to the most current version of routing protocols and SSH for system administration purposes.