| V-251770 | High | The NSX-T Tier-1 Gateway must be configured to have all inactive interfaces removed. | An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface.
If an interface is no longer used, the configuration must be deleted. |
| V-251772 | Medium | The NSX-T Tier-1 Gateway must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DoS is a condition when a resource is not available for legitimate users. Packet flooding distributed denial-of-service (DDoS) attacks are referred to as volumetric attacks and have the objective... |
| V-251771 | Low | The NSX-T Tier-1 Gateway must be configured to have the DHCP service disabled if not in use. | A compromised router introduces risk to the entire network infrastructure, as well as data resources that are accessible via the network. The perimeter defense has no oversight or control of... |
| V-251773 | Low | The NSX-T Tier-1 Gateway must be configured to have multicast disabled if not in use. | A compromised router introduces risk to the entire network infrastructure, as well as data resources that are accessible via the network. The perimeter defense has no oversight or control of... |
