| Finding ID | Severity | Title | Description |
|---|---|---|---|
| V-251770 | High | The NSX-T Tier-1 Gateway must be configured to have all inactive interfaces removed. | An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. If an interface is no longer used, the configuration must be deleted. |
| V-251772 | Medium | The NSX-T Tier-1 Gateway must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DoS is a condition when a resource is not available for legitimate users. Packet flooding distributed denial-of-service (DDoS) attacks are referred to as volumetric attacks and have the objective of overloading a network or circuit to deny or seriously degrade performance, which denies access to the services that normally traverse... |
| V-251773 | Low | The NSX-T Tier-1 Gateway must be configured to have multicast disabled if not in use. | A compromised router introduces risk to the entire network infrastructure, as well as data resources that are accessible via the network. The perimeter defense has no oversight or control of attacks by malicious users within the network. Preventing network breaches from within is dependent on implementing a comprehensive defense-in-depth strategy,... |
| V-251771 | Low | The NSX-T Tier-1 Gateway must be configured to have the DHCP service disabled if not in use. | A compromised router introduces risk to the entire network infrastructure, as well as data resources that are accessible via the network. The perimeter defense has no oversight or control of attacks by malicious users within the network. Preventing network breaches from within is dependent on implementing a comprehensive defense-in-depth strategy,... |