UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

For nonlocal maintenance sessions using SSH, the Juniper SRX Services Gateway must securely configure SSHv2 Message Authentication Code (MAC) algorithms to protect the integrity of maintenance and diagnostic communications.


Overview

Finding ID Version Rule ID IA Controls Severity
V-223225 JUSX-DM-000147 SV-223225r513364_rule Medium
Description
To protect the integrity of nonlocal maintenance sessions, SSHv2 with MAC algorithms for integrity checking must be configured. Nonlocal maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network. The SSHv2 protocol suite includes Layer 7 protocols such as SCP and SFTP which can be used for secure file transfers.
STIG Date
Juniper SRX SG NDM Security Technical Implementation Guide 2021-03-25

Details

Check Text ( C-24898r513362_chk )
Verify SSHv2 and MAC algorithms for integrity checking.

[edit]
show system services ssh

If SSHv2 and integrity options are not configured in compliance with DoD requirements, this is a finding.
Fix Text (F-24886r513363_fix)
Configure SSH integrity options to comply with DoD requirements.

[edit]
set system services ssh protocol-version v2
set system services ssh macs hmac-sha2-512
set system services ssh macs hmac-sha2-256
set system services ssh macs hmac-sha1
set system services ssh macs hmac-sha1-96