Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The router must protect against or limit the effects of denial of service attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000191-RTR-000079 | SRG-NET-000191-RTR-000079 | SRG-NET-000191-RTR-000079_rule | High |
| Description |
|---|
| A router experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU load caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to thwart, counter, or prevent such attacks. |
| STIG | Date |
|---|---|
| Router Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000191-RTR-000079_chk ) |
|---|
| Verify the router includes configurations that limit or protect against the effects of denial of service attacks (e.g., multiple/distributed routers, load balancers, increasing log capacity, and/or service redundancy). If the router is not configured to protect against or limit the effects of denial of service attacks, this is a finding. |
| Fix Text (F-SRG-NET-000191-RTR-000079_fix) |
|---|
| Configure the router to protect against or limit the effects of denial of service attacks by implementing risk mitigation solutions (e.g., multiple/distributed routers, load balancers, increasing log capacity, and/or providing service redundancy). |