Juniper Hardening JunOS 12 Devices Checklist

Audit Details

Name: Juniper Hardening JunOS 12 Devices Checklist

Updated: 12/22/2023

Authority: Juniper

Plugin: Juniper

Revision: 1.16

Estimated Item Count: 114

File Details

Filename: Juniper_Hardening_Junos_Devices.audit

Size: 165 kB

MD5: 5c3ef9ede314095b6df91c0954d72b08
SHA256: eb0dcfacb175f1ba3a7f37ab1a0f02688991e1db0499ea7aa19e490438d789ca

Audit Items

Description / Categories
Access Security - Configure a warning banner that is displayed prior to login

ACCESS CONTROL

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - finger

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - ftp

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - J-Web over HTTP

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - rlogin

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - rsh

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - telnet

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - tftp-server

CONFIGURATION MANAGEMENT

Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - xnm-clear-text

CONFIGURATION MANAGEMENT

Access Security - Enable required secure access services - J-Web over HTTPS

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - Enable required secure access services - ssh

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - J-Web - Limit access to only authorized interfaces

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - J-Web - Set session-limit restrictions suitable for your environment

ACCESS CONTROL

Access Security - J-Web - Terminate idle connections by setting the idle-time value

ACCESS CONTROL

Access Security - J-Web - Use HTTPS with a valid certificate signed by a trusted CA - local-certificate

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - J-Web - Use HTTPS with a valid certificate signed by a trusted CA - trusted CA

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - SSH - Deny Root logins

ACCESS CONTROL

Access Security - SSH - Set connection-limit and rate-limit restrictions - connection-limit

ACCESS CONTROL

Access Security - SSH - Set connection-limit and rate-limit restrictions - rate-limit

SYSTEM AND COMMUNICATIONS PROTECTION

Access Security - SSH - Use SSH version 2

CONFIGURATION MANAGEMENT

Audited configuration or device is JUNOS 12.

CONFIGURATION MANAGEMENT

Firewall Filter - Ensure the last term, default-deny, includes the syslog option

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Order terms with time sensitive protocols at the top

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Permit only required protocols from authorized sources

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Protect the Routing Engine using a default deny firewall filter

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Rate-limit authorized protocols using policers

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Rate-limit SYN packets to protect against a SYN flood attack

SYSTEM AND COMMUNICATIONS PROTECTION

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server

AUDIT AND ACCOUNTABILITY

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - client-list restrict

SYSTEM AND COMMUNICATIONS PROTECTION

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - clients restrict

SYSTEM AND COMMUNICATIONS PROTECTION

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - community trap

AUDIT AND ACCOUNTABILITY

Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - usm traps

AUDIT AND ACCOUNTABILITY

Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a password policy

IDENTIFICATION AND AUTHENTICATION

Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a policy - community

IDENTIFICATION AND AUTHENTICATION

Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a policy - usm

IDENTIFICATION AND AUTHENTICATION

Management Services Security - Configure automated secure configuration backups to more than one trusted server - archive-sites

CONTINGENCY PLANNING

Management Services Security - Configure automated secure configuration backups to more than one trusted server - transfer-interval

CONTINGENCY PLANNING

Management Services Security - Configure NTP with authentication with more than one trusted server - authentication type

AUDIT AND ACCOUNTABILITY

Management Services Security - Configure NTP with authentication with more than one trusted server - authentication value

AUDIT AND ACCOUNTABILITY

Management Services Security - Configure NTP with authentication with more than one trusted server - multiple servers

AUDIT AND ACCOUNTABILITY

Management Services Security - Configure NTP with authentication with more than one trusted server - trusted-key

AUDIT AND ACCOUNTABILITY

Management Services Security - Configure read-only access; use read-write only when required

ACCESS CONTROL

Management Services Security - Configure read-only access; use read-write only when required - community

ACCESS CONTROL

Management Services Security - Configure read-only access; use read-write only when required - usm

ACCESS CONTROL

Management Services Security - Configure SNMP using the most secure method with more than one trusted server

IDENTIFICATION AND AUTHENTICATION

Management Services Security - Configure SNMP using the most secure method with more than one trusted server - v1/v2 not configured

IDENTIFICATION AND AUTHENTICATION

Management Services Security - Configure SNMP using the most secure method with more than one trusted server - v3 configured

CONFIGURATION MANAGEMENT

Management Services Security - Send Syslog messages to more than one trusted server with enhanced timestamps

AUDIT AND ACCOUNTABILITY

Network Security - Configure LLDP only on required network ports - LLDP

CONFIGURATION MANAGEMENT

Network Security - Configure LLDP only on required network ports - LLDP-MED

CONFIGURATION MANAGEMENT