The network device must prevent individuals from using it as a platform for launching a denial-of-service attack. Restricting the ability of individuals to launch denial-of-service attacks requires that the mechanisms used for such attacks be disabled or restricted. Securing the network device at the OS, application, and management interface levels is vital to mitigate this risk.
Providing least privilege; network monitoring using an IDS/IPS; out-of-band management; securing the OS; deleting default passwords; host-based inspection; and auditing are methods for preventing any information system, including network devices, from being used to launch attacks. These features are provided by other controls or guidance for the OS or appropriate technology STIG.