Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3072 | NET1030 | SV-3072r3_rule | | Low |
Description |
---|
If the running and startup router configurations are not synchronized properly and a router malfunctions, it will not restart with all of the recent changes incorporated. If the recent changes were security related, then the routers would be vulnerable to attack. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide | 2016-12-22 |
Check Text ( C-3636r6_chk ) |
---|
Review the running and boot configurations to determine if they are synchronized. IOS Procedure: With online editing, the "show running-config" command shows only the current running configuration settings that differ from the IOS defaults. The "show startup-config" command shows the NVRAM startup configuration. Compare the two configurations to ensure they are synchronized. JUNOS Procedure: This will never be a finding. The active configuration is stored on flash as juniper.conf. A candidate configuration allows configuration changes while in configuration mode without initiating operational changes. The router implements the candidate configuration when it is committed, thereby making it the new active configuration, at which time it is stored on flash as juniper.conf and the old juniper.conf becomes juniper.conf.1. If the running configuration and boot configuration are not the same, this is a finding. |
Fix Text (F-3097r4_fix) |
---|
Add procedures to the standard operating procedure to keep the running configuration synchronized with the startup configuration. |
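
The IOS comparison in the check text can be scripted so it runs the same way on every review. The following is an added example, not part of the STIG: it compares saved output of the two show commands and ignores header and timestamp lines that always differ. The list of ignored lines, the function names and the sample captures are assumptions made for illustration.

```python
import difflib
import re

# Header/timestamp lines that legitimately differ between the two outputs.
# Assumed list: extend it for your platform and IOS release.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration\s*:"
    r"|Using \d+ out of \d+ bytes|! Last configuration change"
    r"|! NVRAM config last updated|ntp clock-period\b)"
)

def normalize(text):
    """Keep command lines only; leading indentation is significant in IOS."""
    lines = (line.rstrip() for line in text.splitlines())
    return [l for l in lines if l and l != "!" and not VOLATILE.match(l)]

def config_drift(running, startup):
    """Return (side, line) pairs; an empty list means the configs match."""
    run, start = normalize(running), normalize(startup)
    matcher = difflib.SequenceMatcher(a=start, b=run, autojunk=False)
    drift = []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag != "equal":
            drift += [("startup-only", l) for l in start[i1:i2]]
            drift += [("running-only", l) for l in run[j1:j2]]
    return drift

# Constructed sample captures (not from a real device).
RUNNING = """Building configuration...
Current configuration : 412 bytes
!
! Last configuration change at 10:02:11 UTC Mon Jan 4 2016
!
hostname edge-sw1
ip access-list extended MGMT-IN
 permit tcp host 192.0.2.10 any eq 22
 deny ip any any log
end
"""
STARTUP = """Using 389 out of 262136 bytes
!
hostname edge-sw1
ip access-list extended MGMT-IN
 permit tcp host 192.0.2.10 any eq 22
end
"""

if __name__ == "__main__":
    for side, line in config_drift(RUNNING, STARTUP):
        print(f"FINDING {side}: {line!r}")
```

A `running-only` line is a change that would be lost on reload; a `startup-only` line is a setting removed from the running configuration that would return on reload.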