Check: SRG-NET-000078-RTR-000001
Router SRG:
SRG-NET-000078-RTR-000001
(in versions v4 r3 through v4 r1)
Title
The router must be configured to log all packets that have been dropped. (Cat III impact)
Discussion
Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done or attempted to be done, and by whom, to compile an accurate risk assessment. Auditing the actions on network devices provides a means to recreate an attack or identify a configuration mistake on the device.
Check Content
Review the router interface access control lists (ACLs) to verify all deny statements are logged. If packets being dropped are not logged, this is a finding.
Fix Text
Configure interface ACLs to log all deny statements.
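One way to automate the check and fix verification above, as an added example that is not part of the SRG or any vendor tooling: it assumes Cisco IOS-style named ACL syntax and runs against a constructed running-config excerpt. The catch-all test rests on the assumption that the implicit deny at the end of an IOS ACL drops packets without generating a log record, so an explicit logged `deny ip any any` is needed to satisfy the requirement.

```python
import re
from typing import Dict, List

# Constructed sample running-config excerpt (IOS-style syntax assumed); not from the SRG.
SAMPLE_CONFIG = """
ip access-list extended OUTSIDE-IN
 permit tcp any host 192.0.2.10 eq 443
 deny   tcp any any eq 23
 deny   ip 10.0.0.0 0.255.255.255 any log
 permit udp any any eq 53
ip access-list extended INSIDE-OUT
 permit ip 192.0.2.0 0.0.0.255 any
 deny   ip any any log-input
"""

ACL_HEADER = re.compile(r"^ip access-list (?:extended|standard) (\S+)\s*$")
DENY_ACE = re.compile(r"^\s+(?:\d+\s+)?deny\s+")            # optional sequence number
LOG_KEYWORD = re.compile(r"\blog(-input)?\b")               # 'log' or 'log-input'
LOGGED_CATCHALL = re.compile(r"^\s*(?:\d+\s+)?deny\s+ip\s+any\s+any\s+log(-input)?\s*$")


def parse_acls(config: str) -> Dict[str, List[str]]:
    """Group indented ACE lines under the named ACL that precedes them."""
    acls: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = header.group(1)
            acls[current] = []
        elif current and line.startswith(" "):
            acls[current].append(line.rstrip())
        else:
            current = None  # any non-indented line ends the ACL block
    return acls


def find_unlogged_denies(config: str) -> List[str]:
    """Return 'ACL: ACE' for every explicit deny entry that lacks log/log-input (a finding)."""
    findings = []
    for name, aces in parse_acls(config).items():
        for ace in aces:
            if DENY_ACE.match(ace) and not LOG_KEYWORD.search(ace):
                findings.append(f"{name}: {' '.join(ace.split())}")
    return findings


def lacks_logged_catchall(config: str) -> List[str]:
    """Return ACL names whose final entry is not an explicit, logged 'deny ip any any'.

    Assumption: traffic matching only the implicit deny is dropped without a log record.
    """
    return [name for name, aces in parse_acls(config).items()
            if not aces or not LOGGED_CATCHALL.match(aces[-1])]
```

Both lists being empty corresponds to "not a finding" for this check; anything returned names the ACL and entry that needs the `log` keyword added.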
Additional Identifiers
Rule ID: SV-207122r604135_rule
Vulnerability ID: V-207122
Group Title: SRG-NET-000078
Expert Comments
CCIs
Number | Definition
---|---
CCI-000134 | The information system generates audit records containing information that establishes the outcome of the event.
Controls
Number | Title
---|---
AU-3 | Content Of Audit Records