Detections
Analytics

3.3.4.1 Set 'neighbor password'

Information

Enable message digest5 (MD5) authentication on a TCP connection between two BGP peers

Rationale:

Enforcing routing authentication reduces the likelihood of routing poisoning and unauthorized routers from joining BGP routing.

Impact:

Organizations should plan and implement enterprise security policies that require rigorous authentication methods for routing protocols. Using the 'neighbor password' for BGP enforces these policies by restricting the type of authentication between network devices.

Solution

Configure BGP neighbor authentication where feasible.

hostname(config)#router bgp <<em>bgp_as-number</em>>
hostname(config-router)#neighbor <<em>bgp_neighbor-ip</em> | <em>peer-group-name</em>> password <<em>password</em>>

Default Value:

Not set

See Also

https://workbench.cisecurity.org/files/3829

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-6, 800-53|CM-7, 800-53|SC-23, CSCv7|11

Plugin: Cisco

Control ID: 5d4c0b996260f2c2cd5fd1928f82472ffb92c2514b90748a0bae9f9fa6293d61