Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The Juniper SRX Services Gateway must ensure TCP forwarding is disabled for SSH to prevent unauthorized access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-66509 | JUSX-DM-000114 | SV-80999r1_rule | Medium |
| Description |
|---|
| Use this configuration option to prevent a user from creating an SSH tunnel over a CLI session to the Juniper SRX via SSH. This type of tunnel could be used to forward TCP traffic, bypassing any firewall filters or ACLs, allowing unauthorized access. |
| STIG | Date |
|---|---|
| Juniper SRX SG NDM Security Technical Implementation Guide | 2017-01-05 |
Details
| Check Text ( C-67155r1_chk ) |
|---|
| Use the CLI to view this setting for disabled for SSH. [edit] show system services ssh If TCP forwarding is not disabled for the root user, this is a finding. |
| Fix Text (F-72583r1_fix) |
|---|
| From the configuration mode, enter the following commands to disable TCP forwarding for the SSH protocol. [edit] set system services ssh no-tcp-forwarding |