Check: RCKS-RTR-000600
RUCKUS ICX Router STIG: RCKS-RTR-000600 (in version v1 r1)
Title
The RUCKUS ICX Router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. (Cat II impact)
Discussion
Network devices configured via a zero-touch deployment or auto-loading feature can have their startup configuration or image pushed to the device for installation via TFTP or Remote Copy (rcp). Loading an image or configuration file from the network is a security risk because the file could be intercepted by an attacker who could corrupt it, resulting in a denial of service.
Check Content
Examine the startup config ("show conf") and check whether any interfaces are configured with the keyword "dynamic". If the startup config does not exist, this is a finding.
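The check above can be run against a saved copy of the "show conf" output. The following is an added example, not part of the STIG or of RUCKUS tooling. It assumes that interface blocks begin with a line starting "interface", that their settings are indented and end at "!", that an empty capture means no startup config exists, and that an interface carrying the "dynamic" keyword is what the reviewer needs reported. The sample config is constructed.

```python
# Constructed sample of saved "show conf" output. The line layout is an
# assumption made for illustration, not text taken from the STIG.
SAMPLE_CONF = """\
!
interface ethernet 1/1/1
 ip address 192.0.2.1 255.255.255.0
!
interface ethernet 1/1/2
 ip address dynamic
!
interface ve 10
 port-name dynamic-lab uplink
!
end
"""

NO_CONFIG = "startup config does not exist or is empty"


def check_zero_touch(show_conf_text):
    """Return (is_finding, details) for saved "show conf" output."""
    if not any(l.strip() not in ("", "!") for l in show_conf_text.splitlines()):
        # The check text makes a missing startup config a finding by itself.
        return True, [NO_CONFIG]

    hits = []
    current = None  # interface block currently being read, if any
    for line in show_conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("interface "):
            current = stripped
        elif stripped == "!" or (line and not line[0].isspace()):
            current = None  # separator or new top-level statement ends the block
        # Compare whole tokens so names such as "dynamic-lab" do not match.
        if current and "dynamic" in stripped.split():
            hits.append(f"{current}: {stripped}")
    return bool(hits), hits


if __name__ == "__main__":
    finding, details = check_zero_touch(SAMPLE_CONF)
    print("FINDING" if finding else "NOT A FINDING")
    for d in details:
        print("  " + d)
```
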
Fix Text
Configure interfaces, as needed. When complete, save the running config using "wr mem".
Additional Identifiers
Rule ID: SV-273627r1110934_rule
Vulnerability ID: V-273627
Group Title: SRG-NET-000362-RTR-000109
CCIs
Number | Definition |
---|---|
CCI-002385 | Protect against or limit the effects of organization-defined types of denial-of-service events. |
Controls
Number | Title |
---|---|
SC-5 | Denial of Service Protection |