Check: JUEX-RT-000280
Juniper EX Series Switches Router STIG:
JUEX-RT-000280
(in versions v1 r3 through v1 r1)
Title
The Juniper router must not be configured to have any feature enabled that calls home to the vendor. (Cat II impact)
Discussion
Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack.
Check Content
Verify the call home service is disabled on the device. Verify [edit system] does NOT contain a phone-home hierarchy as shown: [edit system] host-name <hostname>; : <other system configuration> : phone-home { server https://<applicable URL>; rfc-compliant; } If a call home service is enabled, this is a finding.
Fix Text
Configure the network device to disable the call home service or feature. Delete the phone-home hierarchy under [edit system]. delete system phone-home Note: Because the command is hidden, Junos will not autocomplete and "phone-home" must be explicitly, and correctly, spelled out.
Additional Identifiers
Rule ID: SV-254000r844033_rule
Vulnerability ID: V-254000
Group Title: SRG-NET-000131-RTR-000083
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002373 |
The organization employs vulnerability scanning procedures that can identify the breadth and depth of coverage (i.e., information system components scanned and vulnerabilities checked). |
| CCI-002403 |
The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations. |