Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| NET-IPV6-008 - IPV6 Bogons are not blocked - 'deny ipv6 3FFE::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-008 - IPV6 Bogons are not blocked - 'deny ipv6 any 3FFE::/16 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'deny ipv6 any any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'permit icmp any any nd-na' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'permit icmp any any time-exceeded' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-016 - ICMPv6 unreachable notifications and redirects must be disabled - 'no ipv6 unreachables' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'deny ipv6 2002::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'Egress deny ipv6 any 2002::/16 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'deny ipv6 any fec0::/10 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'Egress deny ipv6 fec0::/10 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-029 - IPv6 Multicast Source ADDR are not blocked - 'deny ipv6 ff00::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-061 - Packet with invalid Destination Option header - Inbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-001 - PIM enabled on wrong interfaces -'interfaces enabled for PIM' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 access-list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-009 - No administrative scoped multicast boundary - ipv6 multicast boundary scope 8 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to accept-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - The device is not authenticated using a AAA server - 'aaa new-model' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| NET0700 - Operating system is not at a current release level | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0750 - The Bootp service is not disabled | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0800 - Filter ICMP on external interface. - 'no ip redirects' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0898 - Syslog traffic is not using loopback address - 'logging on' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET0903 - Loopback address is not used as the iBGP source IP | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0911 - Inbound ICMP messages are not blocked - 'permit icmp any any parameter-problem' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0911 - Inbound ICMP messages are not blocked - 'permit icmp any host @EDGE_INTERFACE_IP@ echo-reply' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0912 - Outbound ICMP message are not blocked - 'permit icmp any any source-quench' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0927 - RFC1918 addresses are not blocked - '172.16.0.0/12 Network Blocked' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0949 - Cisco Express Fowarding (CEF) not enabled on supported devices | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0950 - uRPF strict mode or ACL not enabled on egress interface - 'ip verify unicast source reachable-via rx URPF_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0960 - Routers are not set to intercept TCP SYN attacks - 'access-list TCP_INTERCEPT permit tcp any INTERNAL_NETWORK' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0960 - Routers are not set to intercept TCP SYN attacks - 'ip tcp intercept list TCP_INTERCEPT_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0966 - Control plan protection is not enabled - 'Steps 1 - 3' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0996 - Invalid ports with membership to the mgmt VLAN | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'Interface Configured (service-policy input DIST_LAYER_POLICY)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET1021 - The network element must log all messages except debugging - 'Logging console notifications' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging- 'Logging on' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1030 - Running and startup configurations are not synchronized | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1623 - Authentication required for console access - 'AUX port (login authentication AUTH_LIST)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET1629 - The auxiliary port is not disabled | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET1636 - Management connections must require passwords - 'VTY port (login authentication AUTH_LIST)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET1638 - Management connections must be secured by FIPS 140-2 -'input ssh' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1640 - Management connections must be logged | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1640 - Management connections must be logged - login failure | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1675 - SNMP privilege and non-privileged access | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1800 - IPSec VPN is not configured as a tunnel type VPN | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1807 - Management traffic is not restricted - 'Interface crypto map configured (crypto map MYVPN)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1970 - PAT is vulnerable to DNS cache poisoning | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| SNMPv3 with ACL is configured Check for ACL Configuration | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |