UCF STIG Viewer Logo

The network device must use its loopback or OOB management interface address as the source address when originating authentication services traffic.


Overview

Finding ID Version Rule ID IA Controls Severity
V-14672 NET0897 SV-15336r3_rule ECSC-1 Low
Description
Using a loopback address as the source address offers a multitude of uses for security, access, management, and scalability of routers. It is easier to construct appropriate ingress filters for router management plane traffic destined to the network management subnet since the source addresses will be from the range used for loopback interfaces instead of a larger range of addresses used for physical interfaces. Log information recorded by authentication and syslog servers will record the router's loopback address instead of the numerous physical interface addresses. TACACS+, RADIUS messages sent to management servers should use the loopback address as the source address.
STIG Date
Perimeter Router Security Technical Implementation Guide 2018-11-28

Details

Check Text ( C-12802r5_chk )
Review the device configuration and determine if authentication services are using the loopback or OOB management interface as the source address.

If the loopback or OOB management interface isn't being used as the source address for authentications services, this is a finding.
Fix Text (F-14134r5_fix)
Configure the device to use its loopback or OOB management interface address as the source address when originating authentication services traffic.