A system used for routing must not run other network services or applications.

From HP-UX 11.31 Security Technical Implementation Guide

Part of GEN005580

Associated with IA controls: DCSP-1

Associated with: CCI-001208

SV-35156r1_rule A system used for routing must not run other network services or applications.

Vulnerability discussion

Installing extraneous software on a system designated as a dedicated router poses a security threat to the system and the network. Should an attacker gain access to the router through the unauthorized software, the entire network is susceptible to malicious activity.

Check content

Ask the SA if the system is a designated router. If it is not, this is not applicable. If this system is a designated router, check the system for non-routing network services:

# netstat -a | grep -i listen
# ps -ef

If non-routing services, including web servers, file servers, DNS servers, or application servers, but excluding management services such as SSH and SNMP, are running on the system, this is a finding.
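The check above is manual. As an added example (not part of the STIG), the POSIX shell script below parses netstat-style output, collects the local ports in LISTEN state, and reports any not on an allowlist of routing and management ports; the allowlist contents (22 SSH, 161 SNMP, 179 BGP, 520 RIP, 646 LDP) and the sample netstat lines are assumptions constructed for the example, and must be adjusted to the routing protocols the site actually authorizes.

```shell
#!/bin/sh
# Allowlist of ports a dedicated router may listen on (assumption: SSH, SNMP,
# BGP, RIP, LDP). Anything else that is listening is a candidate finding.
ALLOWED_PORTS="22 161 179 520 646"

# Constructed sample of "netstat -an" output (HP-UX style, port after a dot),
# used only so the script runs offline; in real use pipe netstat in instead.
SAMPLE_NETSTAT='tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  *.80                   *.*                     LISTEN
udp        0      0  *.161                  *.*
tcp        0      0  *.53                   *.*                     LISTEN
tcp        0      0  10.0.0.5.22            10.0.0.9.51234          ESTABLISHED'

# Read netstat lines on stdin; print each distinct local port in LISTEN state.
# The port is the last dot- or colon-separated field of the local address
# (column 4), so both "*.22" (HP-UX) and "0.0.0.0:22" (Linux) parse.
listen_ports() {
    awk 'toupper($NF) == "LISTEN" { n = split($4, a, /[.:]/); print a[n] }' \
        | sort -un
}

# Read netstat lines on stdin; print listening ports not on the allowlist.
# Exit status 0 means no finding, 1 means at least one non-routing listener.
find_findings() {
    findings=""
    for p in $(listen_ports); do
        case " $ALLOWED_PORTS " in
            *" $p "*) ;;                        # authorized routing/mgmt port
            *) findings="$findings $p" ;;       # unexpected listener
        esac
    done
    printf '%s\n' "${findings# }"
    [ -z "$findings" ]
}

# Demo on the constructed sample. Real use: netstat -an | find_findings
if printf '%s\n' "$SAMPLE_NETSTAT" | find_findings; then
    echo "no finding: only allowlisted ports are listening"
else
    echo "finding: non-routing services are listening (ports listed above)"
fi
```

Ports reported by the script still need to be matched against ps -ef output to identify the owning process before the item is recorded as a finding.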

Fix text

Ensure only authorized software is loaded on a designated router. Authorized software will be limited to the most current version of routing protocols and SSH for system administration purposes.
