Tenable ZTE ROSNG

Audit Details

Name: Tenable ZTE ROSNG

Updated: 12/27/2023

Authority: TNS

Plugin: ZTE_ROSNG

Revision: 1.5

Estimated Item Count: 52

File Details

Filename: Tenable-ZTE_ROSNG-Best-Practice-v1.0.0.audit

Size: 129 kB

MD5: 9f6cded649d0efb9084d25aa78c487e2
SHA256: 6dd5c7d8a1398fe0cd32e085257ec301cef0ac24db9a69cd49bb96b05eeb989d

Audit Items

Description / Categories
1.1 Secure Login and Telnet Disabling - Disable telnet server

CONFIGURATION MANAGEMENT

1.1 Secure Login and Telnet Disabling - Enable SSH server

CONFIGURATION MANAGEMENT

1.2 Password Security Policy - a) The default password length shouldn't be below 8 characters

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionary

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - d) Check either of the following words exist in configuration file

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - e) Check for strong-password max-length

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse

IDENTIFICATION AND AUTHENTICATION

1.2 Password Security Policy - f) The validity period of an account can be configured

IDENTIFICATION AND AUTHENTICATION

1.3 Account Anti-riot Attack

ACCESS CONTROL

1.4 SNMP Security - a) SNMP Community Security

IDENTIFICATION AND AUTHENTICATION

1.4 SNMP Security - b) SNMP server

SYSTEM AND COMMUNICATIONS PROTECTION

1.4 SNMP Security - c) SNMP Security Protection Function

SYSTEM AND COMMUNICATIONS PROTECTION

1.5 FTP/SFTP Access Authorization

CONFIGURATION MANAGEMENT

1.5 FTP/SFTP Access Authorization - login-type-allowed

CONFIGURATION MANAGEMENT

1.5 FTP/SFTP Access Authorization - sftp top-directory

CONFIGURATION MANAGEMENT

1.6 Support Web Access Security - a) ciphersuite

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Support Web Access Security - b) ssl-context field

SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Support Web Access Security - c) version

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Log Auditing

AUDIT AND ACCOUNTABILITY

1.8 SSH Strong Algorithm - a) Disable encryption none

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - b) Disable encryption 3des-cbc

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - c) Disable encryption aes128-cbc

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - d) Disable encryption aes192-cbc

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - e) Disable encryption aes256-cbc

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - f) Disable encryption blowfish-cbc

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - g) Disable hmac md5

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - h) Disable hmac none

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - i) Disable diffie-hellman group-exchange-sha1

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - j) Disable diffie-hellman group1-sha1

SYSTEM AND COMMUNICATIONS PROTECTION

1.8 SSH Strong Algorithm - k) Disable hmac sha1

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - a) Version

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - b) ciphersuite

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - c) pki-profile

SYSTEM AND COMMUNICATIONS PROTECTION

1.9 SSL Strong Algorithm - d) renegotiate

CONFIGURATION MANAGEMENT

2.1 Protection Policy for the CPS Control Engine

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 NTP Security Protection - a) Enable NTP

AUDIT AND ACCOUNTABILITY

2.2 NTP Security Protection - b) NTP access-group

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 NTP Security Protection - c) NTP Auth-key encrypted

AUDIT AND ACCOUNTABILITY

2.3 Disable the Proxy ARP Function - a) No proxy

CONFIGURATION MANAGEMENT

2.3 Disable the Proxy ARP Function - b) No inter-vlan-proxy

CONFIGURATION MANAGEMENT

2.3 Disable the Proxy ARP Function - c) No proxy local

CONFIGURATION MANAGEMENT

2.3 Disable the Proxy ARP Function - d) No local-proxy-arp

CONFIGURATION MANAGEMENT

2.4 Disable the IP Unreachable Function

CONFIGURATION MANAGEMENT

2.5 Product Default Banner

ACCESS CONTROL

3.1 Authentication and Verification of OSPF Routing Protocols - authentication message-digest

IDENTIFICATION AND AUTHENTICATION

3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-key

IDENTIFICATION AND AUTHENTICATION

3.2 Authentication and Verification of ISIS Routing Protocols - authentication

IDENTIFICATION AND AUTHENTICATION