| Name | Network Infrastructure Security Checklist |
| Version | Version 5 Release 2.3 |
| Status | Final |
| Creation Date | Not Available. |
| Revision Date | 2005-02-25 |
| Product Category | Network Router |
| Vendor | Cisco Systems; Juniper Networks |
| Product | Cisco IOS; Juniper JUNOS |
| Product Version | IOS; JUNOS |
| Product Role | Router |
| Checklist Summary | This Network Infrastructure Security Checklist provides the procedures for conducting a Security Readiness Review (SRR) to determine compliance with the requirements in the Network Infrastructure Security Technical Implementation Guide (STIG). This Checklist document must be used together with the corresponding version of the STIG document. This guide focuses strictly on perimeter network components and concepts that protect a DoD private LAN. This checklist ensures the site has properly installed and implemented specific network components and that it is being managed in a way that is secure, efficient, and effective, through procedures outlined in the checklist. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and the Network Infrastructure Security Technical Implementation Guide.

This checklist is divided into five sections and one appendix. Sections 3, 4, and 5 contain matrices that allow a reviewer to manually document details about the object of the SRR and the vulnerabilities discovered during the process of inspecting the network infrastructure. Section 3 details procedures for the reviewer on the subjects of network perimeter security, such as external connections, network layer addressing, standards for communication devices, routers, access control lists (ACLs), firewalls, network intrusion detection systems, data outlets and switches/VLANs. Section 4 details procedures for the reviewer on the subjects of remote access management. Section 5 details procedures for the reviewer on the subjects of network management, such as network management security and Virtual Private Networks (VPNs). Appendix A allows the reader to determine whether SNMP is a vulnerability within the perimeter network architecture.

The procedures in this document are part of the effort to ensure that the security configuration guidelines required by Department of Defense (DoD) Directive 8500.1, Information Assurance, and other relevant guidance have been properly implemented. |
| Known Issues | Not Available. |
| Target Audience | This checklist has been created for IT professionals, particularly network system administrators and information security personnel. The document assumes that the reader has experience installing and administering various network security devices. |
| Target Operational Environment | Enterprise and Specialized Security-Limited Functionality. |
| Checklist Installation Tools | The scripts need to be unzipped (Windows) or untarred/uncompressed (Unix) and/or copied to the host system (Windows, Unix copy commands). |
| Rollback Capability | The scripts create temporary tables to store and hold results to produce the results files. These files are removed at the completion of the script. No other changes are made to the network components. |
| Testing Information | Not Available. |
| NIAP/CMVP Status | |
| Regulatory Compliance | |
| Comments, Warnings, Disclaimer, Miscellaneous | Please refer to the Checklist or the README.txt files provided with the scripts for any comments, warnings, or detailed instructions. |
| Disclaimer | |
| Product Support | |
| Submitting Organization/Authors | Defense Information Systems Agency |
| Point of Contact | |
| Sponsor | |
| Licensing | |
| Checklist Homepage | http://iase.disa.mil/stigs/checklist/index.html |
| Download Package | http://iase.disa.mil/stigs/checklist/network-checklist-v5r2.3.doc |
| Integrity | sha1 (network-checklist-v5r2.3.doc) = 84150a8e5f0a49567bd89f0d35aeace426dea1ce; sha256 (network-checklist-v5r2.3.doc) = 7bf81e4ad3265c821490a0ef04e500259c85534c88e804318e4d8778a5242b37 |
| Change History | Version 5 Release 2.3 - 2005-02-25 |
| Dependency/Requirement | Network Infrastructure Security Technical Implementation Guide, v5 Release 2 |
| References | |
| NIST Identifier | 1023 |