From Juniper SRX SG ALG Security Technical Implementation Guide
Part of SRG-NET-000131-ALG-000086
Associated with: CCI-000381
Information systems are capable of providing a wide variety of functions (capabilities or processes) and services. Some of these functions and services are installed and enabled by default. The organization must determine which functions and services are required to perform the content filtering and other necessary core functionality for each component of the SRX. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
Check both the zones and the interface stanza to ensure DHCP proxy server services are not configured. [edit] show system services dhcp If a stanza exists for DHCP (e.g., forwarders option), this is a finding.
First, remove the DHCP stanza. Then re-enter the set security zones and interfaces command without the "dhcp" attribute. The exact command entered depends how the zone is configured with the authorized attributes, services, and options.
Examples:
[edit]
delete system services dhcp
set security zones security-zone
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer