Each eBGP neighbor must be authenticated with a unique password.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-14666 | NET0412 | SV-15300r2_rule | ECSC-1 | Medium |
| Description |
|---|
| If the same passwords are used between eBGP neighbors, the chance of a hacker compromising any of the BGP sessions increases. It is possible that a malicious user exists in one autonomous system who would know the password used for the eBGP session. This user would then be able to hijack BGP sessions with other trusted neighbors. |
| STIG | Date |
|---|---|
| Perimeter L3 Switch Security Technical Implementation Guide | 2018-11-27 |
Details
| Check Text ( C-12695r2_chk ) |
|---|
| Review the device configuration to determine if each eBGP peer is authenticated with a unique password. If a unique password is not configured for each eBGP peer, this is a finding. |
| Fix Text (F-14124r2_fix) |
|---|
| Configure unique password for each eBGP neighbor. |