From Cisco IOS XE Release 3 RTR Security Technical Implementation Guide
Part of SRG-NET-000364-RTR-000109
Associated with: CCI-002403
Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources.
Review the Cisco ISR 4000 Series router configuration to determine if the router only allows incoming communications from authorized sources to be routed to authorized destinations. The configuration should look similar to the following example: interface GigabitEthernet 0/0/1 description NIPRNet link ip address x.x.x.x 255.255.255.0 ip access-group Authorized_Sources_ACL in ... ip access-list extended Authorized_Sources_ACL deny ip 1.1.1.0 0.0.0.255 any log ... If the Cisco ISR 4000 Series router does not restrict incoming communications to allow only authorized sources and destinations, this is a finding.
Configure the Cisco ISR 4000 Series router to only allow incoming communications from authorized sources to be routed to authorized destinations. The configuration would look similar to the example below: interface GigabitEthernet 0/0/1 description NIPRNet link ip address x.x.x.x 255.255.255.0 ip access-group Authorized_Sources_ACL in ... ip access-list extended Authorized_Sources_ACL deny ip 1.1.1.0 0.0.0.255 any log ...
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer