From HP FlexFabric Switch RTR Security Technical Implementation Guide
Part of SRG-NET-000364-RTR-000109
Associated with: CCI-002403
Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources.
Review the HP FlexFabric Switch configuration to determine if the switch only allows incoming communications from authorized sources to be routed to authorized destinations. This requirement can be met by applying an ingress filter to an external-facing interface as shown in the following example:

    acl number 3001
     rule 1 deny ip source 192.168.3.121 0
     rule 2 permit ip source 192.100.1.0 0.0.0.255 destination 192.200.2.0 0.0.0.255

    interface Ten-GigabitEthernet1/0/21
     ip address 102.17.17.2 255.255.255.252
     packet-filter 3001 inbound

If the HP FlexFabric Switch allows incoming communications from unauthorized sources or to unauthorized destinations, this is a finding.
Configure the HP FlexFabric Switch to only allow incoming communications from authorized sources to be routed to authorized destinations.
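The review described in the check can be scripted against a saved configuration. The following is an added example, not part of the STIG or of any HP tooling; the function names, the second interface in the sample, and the "broad permit" heuristic are assumptions, and the parser only understands the `acl number` / `packet-filter <number> inbound` forms shown in the check text.

```python
import re

# Constructed sample: the check text's example plus one interface with no filter.
SAMPLE_CONFIG = """\
acl number 3001
 rule 1 deny ip source 192.168.3.121 0
 rule 2 permit ip source 192.100.1.0 0.0.0.255 destination 192.200.2.0 0.0.0.255
#
interface Ten-GigabitEthernet1/0/21
 ip address 102.17.17.2 255.255.255.252
 packet-filter 3001 inbound
#
interface Ten-GigabitEthernet1/0/22
 ip address 102.17.17.6 255.255.255.252
"""

def parse_config(text):
    """Return ({acl_number: [rule lines]}, {interface: [inbound ACL numbers]})."""
    acls, filters, acl, iface = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"acl number (\d+)", line):
            acl, iface = acls.setdefault(m.group(1), []), None
        elif m := re.match(r"interface (\S+)", line):
            acl, iface = None, filters.setdefault(m.group(1), [])
        elif line in ("", "#"):
            acl = iface = None  # section separator ends the current block
        elif acl is not None and re.match(r"rule \d+ ", line):
            acl.append(line)
        elif iface is not None and (m := re.match(r"packet-filter (\d+) inbound", line)):
            iface.append(m.group(1))
    return acls, filters

def audit_ingress(text, external_ifaces):
    """Return findings for the named external-facing interfaces ([] = none)."""
    acls, filters = parse_config(text)
    findings = []
    for name in external_ifaces:
        applied = filters.get(name, [])
        if not applied:
            findings.append(f"{name}: no inbound packet-filter")
        for num in applied:
            rules = acls.get(num, [])
            if not rules:
                findings.append(f"{name}: ACL {num} is undefined or empty")
            for r in (r for r in rules if re.match(r"rule \d+ permit ", r)):
                # Heuristic (assumption): a permit lacking either clause is unrestricted.
                if " source " not in r or " destination " not in r or " any" in r:
                    findings.append(f"{name}: ACL {num} has a broad permit: {r}")
    return findings
```

The reviewer supplies the list of external-facing interfaces; whether the permitted source and destination ranges are actually authorized still has to be judged against site documentation.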