Ensuring a consistent secure baseline for Juniper appliances across the network infrastructure contributes to a healthy and more secure network. SecurityCenter Continuous View (CV) provides compliance audit files that use the CIS Junos compliance benchmarks. These CIS Junos reports provide audit results from CIS Junos compliance scans.
These reports are templates used for reporting on the results from CIS compliance scans with the CIS Junos audit files. The Center for Internet Security is an organization that works with end users, vendors, and auditors to develop a set of 'best practice' security standards for configuring operating systems and applications. These 'best practices' are known as 'CIS Benchmarks'.
Tenable Network Security is a CIS member and has submitted several audit policies for certification against specific benchmarks. The policies included in CIS_Junos_v1.0.1_L2 and CIS_Junos_v1.0.1_L1 have been approved and have been certified by CIS staff members. Tenable has submitted example positive and negative test cases for each of the unique test criteria for CIS_Junos_v1.0.1_L2 and CIS_Junos_v1.0.1_L1 benchmarks.
The CIS Junos audit files contains a description of how to perform the scan. When performing managed scans with SecurityCenter, some CIS audits require additional patch audits and vulnerability checks. Any additional requirements for completing an audit with CIS_Junos_v1.0.1_L2 or CIS_Junos_v1.0.1_L1 are included with the audit file description text. In some cases, multiple scans may be required to be performed. The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Compliance & Configuration Assessment. The report requirements are:
- SecurityCenter 4.8.1
- Nessus 5.2.7CIS
- Junos audit files
When performing audit scans with SecurityCenter, the CIS Junos audit files must first be uploaded to SecurityCenter. Next, the appropriate credentials must be added, after which a scan policy can be created. Finally, a scan can be scheduled. As part of the post scan jobs, the 'Auto-Run Reports' can be enabled automatically, running this report on the data collected for the CIS Junos reports.This "How To" guide provides instructions on how the use the "Find / Update" feature in SecurityCenter reports are located at FindUpdateReportFilters-HowTo_v1.4.pptx.
SecurityCenter CV is the market leader in providing a unique combination of vulnerability detection, compliance auditing, and reporting. SecurityCenter CV supports auditing more technologies than any other vendor including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure.
These Reports are:
- Reports:CIS Junos v1.0.1 L1: The CIS Junos v1.0.1 L1 report provides results from a CIS Junos v1.0.1 L1 audit scan. This CIS benchmark is designed for Juniper J,M, MX, and T Series Routers versions JUNOS 8.x, 9.x, and 10.x.. The level 1 profile is defined as the minimum security level for Juniper routers/firewalls without impacting service of the appliance. This audit will check for General recommendations, interfaces, protocols, SNMP, system and more. The audit file required for this report is the CIS_Junos_v1.0.1_L1.audit file.
- CIS Junos v1.0.1 L2: The CIS Junos v1.0.1 L2 report provides results from a CIS Junos v1.0.1 L2 audit scan. This CIS benchmark is designed for Juniper J,M, MX, and T Series Routers versions JUNOS 8.x, 9.x, and 10.x.. The level 2 profile is defined as a higher security level and a more prudent defense level against security risks and attacks. This audit will check for Firewall, interfaces, protocols, SNMP, system, and more . The audit file required for this report is the CIS_Junos_v1.0.1_L2.audit file.