6.2.3 Ensure NO Plain Text Archive Sites are configured


The routers configuration MUST NOT be sent in plain text to the Archive Site.


JUNOS routers can use a range of protocols for copying configuration files to Archive Sites including FTP, TFTP, NFS and SCP. Of these, only Secure Copy (SCP) provides encryption for the data in transit. Using FTP, FTP or NFS transfer files in plain text, allowing an attacker to copy the file from the network exposing sensitive data and possibly authentication information for both the router and the Archive Site.


Archival is not configured by default. If plain text Archive Sites have been configured, they can be removed by issuing the following command from the [edit system] hierarchy;

[edit system]
user@host#delete archival configuration archive-site <URL>

Archive sites should be reconfigured using SCP.

Default Value:

Archival is not configured by default.

See Also


Item Details


References: 800-53|CP-9, CSCv7|10.4

Plugin: Juniper

Control ID: e55bcd7b2c5cd8464c8f8ebc32050412291149bdc7bc72e5ccad686e620d440c