TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit

Audit Details

Name: TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit

Updated: 7/12/2022

Authority: TNS

Plugin: Alcatel

Revision: 1.9

Estimated Item Count: 69

File Details

Filename: TNS_Alcatel_Nokia_TiMOS_Best_Practices.audit

Size: 127 kB

MD5: 01bac824cd9803185fe009c84f5f5525
SHA256: 69f867b3197896a2b45053fe09b364b5a2f7fc58db2edd3068c0c08f707d171e

Audit Items

DescriptionCategories
ACLs: Filter for RFC 1918 addresses (10.0.0.0/8)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (172.16.0.0/12)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 1918 addresses (192.168.0.0/16)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (0.0.0.0/8)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (127.0.0.0/8)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (169.254.0.0/16)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (192.0.0.0/24)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (192.0.2.0/24)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (192.42.172.0/24)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (198.18.0.0/15)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (198.51.100.0/24)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (203.0.113.0/24)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (224.0.0.0/4)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (240.0.0.0/4)

SYSTEM AND COMMUNICATIONS PROTECTION

ACLs: Filter for RFC 3330 addresses (255.255.255.255/32)

SYSTEM AND COMMUNICATIONS PROTECTION

Authentication: a backup remote authentication server is available

ACCESS CONTROL

Authentication: enable remote authentication

IDENTIFICATION AND AUTHENTICATION

Authentication: local authentication is available as a last resort

IDENTIFICATION AND AUTHENTICATION

Authentication: use a remote authentication server

ACCESS CONTROL

BGP: Authenticate peers

ACCESS CONTROL

BGP: Disable Capability Negotiation

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for ICMP - dest-unreachable

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for ICMP - echo request

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for ICMP - echo-reply

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for ICMP - source quench

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for ICMP - time exceeded

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for IGMP

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for IGP

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for L2TP

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for PIM

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for RSVP

SYSTEM AND COMMUNICATIONS PROTECTION

CPM Filtering: Filter for VRRP

SYSTEM AND COMMUNICATIONS PROTECTION

Disable unused network ports

SYSTEM AND COMMUNICATIONS PROTECTION

DNS: A trusted primary DNS server is configured

SYSTEM AND COMMUNICATIONS PROTECTION

DNS: A trusted secondary DNS server is configured

SYSTEM AND COMMUNICATIONS PROTECTION

ICMP: Do not return Proxy ARP requests

SYSTEM AND COMMUNICATIONS PROTECTION

ICMP: Do not return redirect messages

SYSTEM AND COMMUNICATIONS PROTECTION

ICMP: Do not return unreachable messages

SYSTEM AND COMMUNICATIONS PROTECTION

Logging: capture level is set to at least info

AUDIT AND ACCOUNTABILITY

Logging: Use an external syslog host

AUDIT AND ACCOUNTABILITY

Login: Accounts are locked after 3 failed password attempts

ACCESS CONTROL

Login: Configure Pre-login Banner

ACCESS CONTROL

Login: Exponential Backoff is set

ACCESS CONTROL

Login: FTP is disabled

CONFIGURATION MANAGEMENT

Login: Idle connections time out after 5 minutes or less

CONFIGURATION MANAGEMENT

Login: ssh - limit consecutive logins to 16 or less

ACCESS CONTROL

Login: ssh - v1 is disabled

CONFIGURATION MANAGEMENT

Login: ssh - v2 and later is enabled

CONFIGURATION MANAGEMENT

Login: SSH is enabled

CONFIGURATION MANAGEMENT

Login: Telnet is disabled (IPv4)

CONFIGURATION MANAGEMENT