The router must be configured so that any key used for authenticating Interior Gateway Protocol peers does not have a duration exceeding 180 days.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-55759	SRG-NET-000025-RTR-000085	SV-70013r1_rule		Medium

Description
If the keys used for routing protocol authentication are guessed, the malicious user could create havoc within the network by advertising incorrect routes and redirecting traffic. Some routing protocols allow the use of key chains for authentication. A key chain is a set of keys that are used in succession, with each having a lifetime of no more than 180 days. Changing the keys frequently reduces the risk of them eventually being guessed. Keys cannot be used during time periods for which they are not activated. If a time period occurs during which no key is activated, neighbor authentication cannot occur, and therefore routing updates will fail. Therefore, you should ensure that for a given key chain, key activation times overlap to avoid any period of time during which no key is activated.

Description

If the keys used for routing protocol authentication are guessed, the malicious user could create havoc within the network by advertising incorrect routes and redirecting traffic. Some routing protocols allow the use of key chains for authentication. A key chain is a set of keys that are used in succession, with each having a lifetime of no more than 180 days. Changing the keys frequently reduces the risk of them eventually being guessed. Keys cannot be used during time periods for which they are not activated. If a time period occurs during which no key is activated, neighbor authentication cannot occur, and therefore routing updates will fail. Therefore, you should ensure that for a given key chain, key activation times overlap to avoid any period of time during which no key is activated.

STIG	Date
Router Security Requirements Guide	2016-07-01

Details

Check Text ( C-56325r1_chk )
For each authenticated routing protocol session, review the configured key expiration dates. If any key has a lifetime of more than 180 days, this is a finding.

Fix Text (F-60629r2_fix)
For each authenticated routing protocol session, configure each key to have a lifetime of no more than 180 days.