2.1.1 Ensure 'RIP authentication' is enabled

Information

Enables authentication of RIPv2 neighbors before routing information is received from them.

Rationale:

Enabling routing protocol authentication protects against attackers who send false routing information to redirect traffic to their network, or who send malformed packets to saturate and exhaust the control plane.

Solution

* Step 1: Acquire the interface <interface_name> used by the firewall to receive RIP routing updates
* Step 2: Agree with the neighbor device on the authentication key <key_value> and determine an authentication key ID <key_id>
* Step 3: Run the following to enable RIP authentication

hostname(config)# interface <interface_name>
hostname(config-if)# rip authentication mode md5
hostname(config-if)# rip authentication key <key_value> key_id <key_id>
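
One way to verify the result of Steps 1 to 3 offline, as an added example that is not part of the benchmark or of any Cisco tooling: the script below checks saved interface configuration for the two commands from Step 3. The function names, the sample configuration and the masked key display (*****) are assumptions made for illustration.

```python
import re

# Constructed sample of interface blocks from a saved configuration (not a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 rip authentication mode md5
 rip authentication key ***** key_id 1
!
interface GigabitEthernet0/1
 nameif inside
 rip authentication mode text
 rip authentication key ***** key_id 1
!
interface GigabitEthernet0/2
 nameif dmz
!
"""

# Assumption: the key is shown masked or encrypted; any value before key_id is accepted.
KEY_RE = re.compile(r"^rip authentication key .+ key_id (\d+)$")

def interface_blocks(config):
    """Map each interface name to the list of its stripped sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or another top-level command ends the block
    return blocks

def audit_rip_auth(config, rip_interfaces):
    """Return {interface: [findings]}; an empty list means the interface passes."""
    blocks = interface_blocks(config)
    results = {}
    for name in rip_interfaces:
        cmds = blocks.get(name)
        if cmds is None:
            results[name] = ["interface not found in configuration"]
            continue
        findings = []
        if "rip authentication mode md5" not in cmds:
            findings.append("MD5 authentication mode not set")
        if not any(KEY_RE.match(c) for c in cmds):
            findings.append("no authentication key/key_id configured")
        results[name] = findings
    return results
```

Pass the interfaces identified in Step 1 as rip_interfaces; an interface configured with "mode text" is reported as failing because the key would be sent in clear text.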

See Also

https://workbench.cisecurity.org/files/1903

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: Cisco

Control ID: c88dd0098d35fd8a24a8666a33263d4ac655e87ad5f64d6f2ceea32e4e79c506