Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3072 | NET1030 | SV-3072r2_rule | COBR-1 ECSC-1 | Low |
Description |
---|
If the running and startup router configurations are not synchronized properly and a router malfunctions, it will not restart with all of the recent changes incorporated. If the recent changes were security related, then the routers would be vulnerable to attack. |
STIG | Date |
---|---|
IPSec VPN Gateway Security Technical Implementation Guide | 2013-10-08 |
Check Text (C-3636r5_chk) |
---|
IOS Procedure: With online editing, the "show running-config" command shows only the current running configuration settings that differ from the IOS defaults. The "show startup-config" command shows the NVRAM startup configuration. Compare the two configurations to ensure they are synchronized. JUNOS Procedure: This will never be a finding. The active configuration is stored on flash as juniper.conf. A candidate configuration allows configuration changes while in configuration mode without initiating operational changes. The router implements the candidate configuration when it is committed, making it the new active configuration; at that time it is stored on flash as juniper.conf and the old juniper.conf becomes juniper.conf.1. |
Fix Text (F-3097r4_fix) |
---|
Add procedures to the standard operating procedure to keep the running configuration synchronized with the startup configuration. |
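
The IOS comparison from the check text, as an added example that is not part of the STIG: it diffs saved "show running-config" and "show startup-config" output while ignoring header lines that always differ between the two commands. The sample output and the names `normalize` and `config_drift` are constructed for illustration, and the list of volatile lines is an assumption that may need extending for a given IOS release.

```python
import difflib
import re

# Lines that legitimately differ between the two commands (not config drift).
VOLATILE = re.compile(
    r"^(Building configuration\.\.\.|Current configuration\s*:.*"
    r"|Using \d+ out of \d+ bytes.*|! .*configuration change.*"
    r"|! NVRAM config last updated.*|ntp clock-period \d+)$")

def normalize(text):
    """Drop volatile headers, blank lines and bare '!' separators."""
    lines = (l.rstrip() for l in text.splitlines())
    return [l for l in lines if l and l != "!" and not VOLATILE.match(l)]

def config_drift(running, startup):
    """Return '+ '/'- ' lines; an empty list means the configs are in sync."""
    s, r = normalize(startup), normalize(running)
    drift = []
    ops = difflib.SequenceMatcher(a=s, b=r, autojunk=False).get_opcodes()
    for tag, i1, i2, j1, j2 in ops:
        if tag in ("replace", "delete"):
            drift += ["- " + x for x in s[i1:i2]]  # saved but not running
        if tag in ("replace", "insert"):
            drift += ["+ " + x for x in r[j1:j2]]  # running but not saved
    return drift

# Constructed sample output (not captured from a real device).
RUNNING = """Building configuration...

Current configuration : 1482 bytes
!
! Last configuration change at 10:02:11 UTC Tue Oct 8 2013 by admin
ip access-list extended MGMT-IN
 permit tcp host 192.0.2.10 any eq 22
 deny ip any any log
line vty 0 4
 access-class MGMT-IN in
 transport input ssh
"""
STARTUP = """Using 1397 out of 262136 bytes
!
! Last configuration change at 09:15:31 UTC Mon Oct 7 2013 by admin
ip access-list extended MGMT-IN
 permit tcp host 192.0.2.10 any eq 22
line vty 0 4
 transport input ssh
"""
if __name__ == "__main__":
    print("\n".join(config_drift(RUNNING, STARTUP)) or "in sync")
```

In the sample, the two "+" lines are the unsaved access restrictions that would be lost on a reload, which is the condition the description warns about.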