The network element must restrict the ability of individuals to launch denial of service attacks against other information systems or networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000192-RTR-NA	SRG-NET-000192-RTR-NA	SRG-NET-000192-RTR-NA_rule		Medium

Description
A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU load caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering, resulting in route flapping and eventually black hole production traffic. The device must be configured to block such attacks. This requirement is applicable to network architecture and is not applicable to the routing function.

Description

A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU load caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering, resulting in route flapping and eventually black hole production traffic. The device must be configured to block such attacks. This requirement is applicable to network architecture and is not applicable to the routing function.

STIG	Date
Router Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000192-RTR-NA_chk )
This requirement is NA for router.

Fix Text (F-SRG-NET-000192-RTR-NA_fix)
This requirement is NA for router.