1.1 Secure Login and Telnet Disabling - Disable telnet server | CONFIGURATION MANAGEMENT |
1.1 Secure Login and Telnet Disabling - Enable SSH server | CONFIGURATION MANAGEMENT |
1.2 Password Security Policy - a) The default password length shouldn't be below 8 characters | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4 | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionary | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - d) Check either of the following words exist in configuration file | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - e) Check for strong-password max-length | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse | IDENTIFICATION AND AUTHENTICATION |
1.2 Password Security Policy - f) The validity period of an account can be configured | IDENTIFICATION AND AUTHENTICATION |
1.3 Account Anti-riot Attack | ACCESS CONTROL |
1.4 SNMP Security - a) SNMP Community Security | IDENTIFICATION AND AUTHENTICATION |
1.4 SNMP Security - b) SNMP server | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4 SNMP Security - c) SNMP Security Protection Function | SYSTEM AND COMMUNICATIONS PROTECTION |
1.5 FTP/SFTP Access Authorization | CONFIGURATION MANAGEMENT |
1.5 FTP/SFTP Access Authorization - login-type-allowed | CONFIGURATION MANAGEMENT |
1.5 FTP/SFTP Access Authorization - sftp top-directory | CONFIGURATION MANAGEMENT |
1.6 Support Web Access Security - a) ciphersuite | SYSTEM AND COMMUNICATIONS PROTECTION |
1.6 Support Web Access Security - b) ssl-context field | SYSTEM AND COMMUNICATIONS PROTECTION |
1.6 Support Web Access Security - c) version | SYSTEM AND COMMUNICATIONS PROTECTION |
1.7 Log Auditing | AUDIT AND ACCOUNTABILITY |
1.8 SSH Strong Algorithm - a) Disable encryption none | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - b) Disable encryption 3des-cbc | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - c) Disable encryption aes128-cbc | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - d) Disable encryption aes192-cbc | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - e) Disable encryption aes256-cbc | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - f) Disable encryption blowfish-cbc | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - g) Disable hmac md5 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - h) Disable hmac none | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - i) Disable diffie-hellman group-exchange-sha1 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - j) Disable diffie-hellman group1-sha1 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.8 SSH Strong Algorithm - k) Disable hmac sha1 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.9 SSL Strong Algorithm - a) Version | SYSTEM AND COMMUNICATIONS PROTECTION |
1.9 SSL Strong Algorithm - b) ciphersuite | SYSTEM AND COMMUNICATIONS PROTECTION |
1.9 SSL Strong Algorithm - c) pki-profile | SYSTEM AND COMMUNICATIONS PROTECTION |
1.9 SSL Strong Algorithm - d) renegotiate | CONFIGURATION MANAGEMENT |
2.1 Protection Policy for the CPS Control Engine | SYSTEM AND COMMUNICATIONS PROTECTION |
2.2 NTP Security Protection - a) Enable NTP | AUDIT AND ACCOUNTABILITY |
2.2 NTP Security Protection - b) NTP access-group | SYSTEM AND COMMUNICATIONS PROTECTION |
2.2 NTP Security Protection - c) NTP Auth-key encrypted | AUDIT AND ACCOUNTABILITY |
2.3 Disable the Proxy ARP Function - a) No proxy | CONFIGURATION MANAGEMENT |
2.3 Disable the Proxy ARP Function - b) No inter-vlan-proxy | CONFIGURATION MANAGEMENT |
2.3 Disable the Proxy ARP Function - c) No proxy local | CONFIGURATION MANAGEMENT |
2.3 Disable the Proxy ARP Function - d) No local-proxy-arp | CONFIGURATION MANAGEMENT |
2.4 Disable the IP Unreachable Function | CONFIGURATION MANAGEMENT |
2.5 Product Default Banner | ACCESS CONTROL |
3.1 Authentication and Verification of OSPF Routing Protocols - authentication message-digest | IDENTIFICATION AND AUTHENTICATION |
3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-key | IDENTIFICATION AND AUTHENTICATION |
3.2 Authentication and Verification of ISIS Routing Protocols - authentication | IDENTIFICATION AND AUTHENTICATION |