The core router within the managed network has not been configured to provide preferred treatment for management traffic that must traverse several nodes to reach the management network.
From Infrastructure Router Security Technical Implementation Guide
Part of Management traffic doesn't get preferred treatment
Associated with IA controls: ECSC-1
SV-19098r1_rule
Vulnerability discussion
When network congestion occurs, all traffic has an equal chance of being dropped. Prioritization of network management traffic must be implemented to ensure that even during periods of severe network congestion, the network can be managed and monitored. Quality of Service (QoS) provisioning categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment through congestion avoidance techniques. Implementing QoS within the network makes network performance more predictable and bandwidth utilization more effective. Most important, since the same bandwidth is being used to manage the network, it provides some assurance that there will be bandwidth available to troubleshoot outages and restore availability when needed. When management traffic must traverse several nodes to reach the management network, management traffic should be classified and marked at the nearest upstream MLS or router. In addition, all core routers within the managed network must be configured to provide preferred treatment based on the QoS markings. This will ensure that management traffic receives preferred treatment (per-hop behavior) at each forwarding device along the path to the management network.
Check content
When management traffic must traverse several nodes to reach the management network, ensure that all core routers within the managed network have been configured to provide preferred treatment for management traffic. This will ensure that management traffic receives guaranteed bandwidth at each forwarding device along the path to the management network. Verify that a service policy is bound to all core or internal router interfaces. The service policy should be configured to place management traffic in the appropriate forwarding class.
The classes must be configured to receive the required service.
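The check above can be scripted against saved router configurations. The following is an added example, not part of the STIG: it assumes Cisco IOS-style syntax, treats a "bandwidth" or "priority" action as the required service, inspects only output policies, and uses hypothetical class, policy and interface names in a constructed sample.

```python
# Constructed sample, Cisco IOS-style syntax assumed; every name is hypothetical.
SAMPLE_CONFIG = """\
policy-map CORE-QOS
 class MGMT-TRAFFIC
  bandwidth percent 10
policy-map NO-MGMT
 class class-default
  fair-queue
interface GigabitEthernet0/0
 service-policy output CORE-QOS
interface GigabitEthernet0/1
interface GigabitEthernet0/2
 service-policy output NO-MGMT
interface GigabitEthernet0/3
 shutdown
"""

def stanzas(config, keyword):
    """Map each top-level '<keyword> <name>' stanza to its stripped child lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line and not line[0].isspace():      # new top-level command
            parts = line.split()
            current = out.setdefault(parts[1], []) if parts[0] == keyword and len(parts) == 2 else None
        elif current is not None and line.strip():
            current.append(line.strip())
    return out

def serves_class(policy_body, mgmt_class):
    """True if the policy gives mgmt_class a bandwidth or priority guarantee."""
    in_class = False
    for line in policy_body:
        if line.startswith("class "):
            in_class = line.split()[1] == mgmt_class
        elif in_class and line.split()[0] in ("bandwidth", "priority"):
            return True
    return False

def audit(config, mgmt_class):
    """Return {interface: finding} for active interfaces that fail the check."""
    policies, findings = stanzas(config, "policy-map"), {}
    active = {n: b for n, b in stanzas(config, "interface").items() if "shutdown" not in b}
    for name, body in active.items():
        bound = [ln.split()[2] for ln in body if ln.startswith("service-policy output ")]
        if not bound:
            findings[name] = "no service policy bound"
        elif not any(serves_class(policies.get(p, []), mgmt_class) for p in bound):
            findings[name] = "bound policy does not serve management class"
    return findings
```

Calling audit(SAMPLE_CONFIG, "MGMT-TRAFFIC") reports the two active interfaces that would be findings and skips the shut-down one.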
Fix text
When management traffic must traverse several nodes to reach the management network, ensure that all core routers within the managed network have been configured to provide preferred treatment for management traffic.