The Dell OS10 BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-269883 | SRG-NET-000230-RTR-000002 | OS10-RTR-000550 | SV-269883r1052034_rule | 2024-12-11 | 1 |
| Description |
|---|
| If the same keys are used between eBGP neighbors, the chance of a hacker compromising any of the BGP sessions increases. It is possible that a malicious user exists in one autonomous system who would know the key used for the eBGP session. This user would then be able to hijack BGP sessions with other trusted neighbors. |
| ℹ️ Check |
|---|
| Review the router configuration. Verify that unique keys are used for each AS that it peers with. ! interface vlan400 ipv6 ospf 10 area 0.0.0.1 ipv6 ospf authentication ipsec spi 4017 sha1 1234567890123456789012345678901234567890 ... ip ospf 1 area 0.0.0.1 ip ospf message-digest-key 1 md5 $$c95abfd48ae6bcffc281603e960d49860dab21b300c5ea1febf7b674320be879 If any keys are found not to be unique for each autonomous system, this is a finding. |
| ✔️ Fix |
|---|
| Configure unique keys for each AS that the router peers with. OS10(config)# interface vlan 400 OS10(conf-if-vl-400)# ipv6 ospf 10 area 0.0.0.1 OS10(conf-if-vl-400)# ipv6 ospf authentication ipsec spi 4018 sha1 1234567890123456789012345678901234567890 OS10(conf-if-vl-400)# ip ospf 1 area 0.0.0.1 OS10(conf-if-vl-400)# ip ospf message-digest-key 1 md5 $$9d5679ab0b6ff43439c05e8059fefcccf05a20062d9679720bdecd630843c545 OS10(conf-if-vl-400)# exit |