Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4624 | NET0166 | SV-4624r1_rule | ECSC-1 | Low |
Description |
---|
Unsolicited traffic that may inadvertently attempt to enter the NIPRNet by traversing the enclave's premise router can be avoided by not redistributing NIPRNet routes into the AG. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2015-06-30 |
Check Text (C-3395r1_chk) |
---|
Review the configuration of the router connecting to the AG and verify that there are no routes being redistributed into the enclave from the AG. |
Fix Text (F-4557r1_fix) |
---|
Use distribute lists or prefix lists to ensure AG routes are not redistributed into the NIPRNet BGP or the site's IGP (OSPF, EIGRP, RIP, etc.). |
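
The review in the check text can be partly automated; the following Python script is an added example, not part of the STIG. It lists `redistribute` statements that carry no route-map and sit in a routing process with no outbound distribute-list, and reports an AG-facing BGP neighbor that has no inbound filter. It assumes IOS-style configuration text and that the AG peer address is known; the sample configuration, addresses, AS numbers and the `NO-AG-ROUTES` name are constructed.

```python
import re

# Constructed sample config (IOS-style); addresses, AS numbers and names are made up.
SAMPLE = """\
router ospf 1
 redistribute bgp 65001 subnets
!
router eigrp 10
 redistribute bgp 65001 metric 10000 100 255 1 1500 route-map NO-AG-ROUTES
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 64500
 neighbor 198.51.100.1 remote-as 64510
 neighbor 198.51.100.1 prefix-list NO-AG-ROUTES in
 redistribute ospf 1
!
"""

def stanzas(config):
    """Yield (header, [sub-lines]) for each 'router ...' block."""
    header, body = None, []
    for line in config.splitlines():
        if line.startswith("router "):
            if header:
                yield header, body
            header, body = line.strip(), []
        elif header and line.startswith(" "):
            body.append(line.strip())
        elif header:  # first non-indented line closes the block
            yield header, body
            header, body = None, []
    if header:
        yield header, body

def audit(config, ag_neighbor):
    """Return (stanza, detail) pairs that need manual review."""
    findings = []
    for header, body in stanzas(config):
        has_dlist_out = any(re.match(r"distribute-list .+ out\b", l) for l in body)
        for l in body:
            if l.startswith("redistribute ") and "route-map" not in l and not has_dlist_out:
                findings.append((header, l))
        if header.startswith("router bgp") and any(l.startswith(f"neighbor {ag_neighbor} ") for l in body):
            pat = rf"neighbor {re.escape(ag_neighbor)} (prefix-list|route-map|distribute-list) \S+ in$"
            if not any(re.match(pat, l) for l in body):
                findings.append((header, f"neighbor {ag_neighbor}: no inbound filter"))
    return findings
```

The script only reports where a filter is absent; whether a referenced route-map, prefix list or distribute list actually excludes the AG prefixes still has to be confirmed by reading that filter.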