The Juniper router must not be configured to have any feature enabled that calls home to the vendor.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
---|---|---|---|---|---|---|
medium | V-254000 | SRG-NET-000131-RTR-000083 | JUEX-RT-000280 | SV-254000r844033_rule | 2024-06-10 | 2 |
Description |
---|
Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data to unauthorized persons could result in data loss or downtime due to an attack. |
ℹ️ Check |
---|
Verify the call home service is disabled on the device. Verify `[edit system]` does NOT contain a phone-home hierarchy as shown: `[edit system] host-name <hostname>; : <other system configuration> : phone-home { server https://<applicable URL>; rfc-compliant; }` If a call home service is enabled, this is a finding. |
✔️ Fix |
---|
Configure the network device to disable the call home service or feature. Delete the phone-home hierarchy under `[edit system]`: `delete system phone-home` Note: Because the command is hidden, Junos will not autocomplete and "phone-home" must be explicitly, and correctly, spelled out. |
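
An offline version of the check above, as an added example that is not part of the STIG text: it scans a saved configuration, in brace or `display set` form, for a phone-home hierarchy under `[edit system]`. The function name, hostname and server URL are constructed for illustration, and configuration inherited from groups is not examined.

```python
import re

def find_phone_home(config_text):
    """Return (line_number, text) for each statement that places a phone-home
    hierarchy under [edit system]. Accepts brace-style 'show configuration'
    output or set-style '| display set' output."""
    findings, path = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(("#", "/*")):
            continue
        # The check asks for the hierarchy to be absent, so a deactivated
        # ("inactive:") stanza is still reported.
        line = re.sub(r"^inactive:\s*", "", line)
        if line.startswith("set "):
            if line.split()[1:3] == ["system", "phone-home"]:
                findings.append((lineno, raw.strip()))
        elif line.endswith("{"):
            path.append(line[:-1].strip())
            if path == ["system", "phone-home"]:
                findings.append((lineno, raw.strip()))
        elif line == "}":
            if path:
                path.pop()
        elif path == ["system"] and line.rstrip(";").split()[:1] == ["phone-home"]:
            findings.append((lineno, raw.strip()))  # leaf form: "phone-home;"
    return findings

# Constructed sample configurations (not taken from a real device).
BRACE_SAMPLE = """\
system {
    host-name ex-lab-1;
    inactive: phone-home {
        server https://callhome.example.net;
        rfc-compliant;
    }
}
interfaces {
    ge-0/0/0 { description "phone-home uplink"; }
}
"""
SET_SAMPLE = """\
set system host-name ex-lab-1
set system phone-home server https://callhome.example.net
set interfaces ge-0/0/0 description phone-home
"""

if __name__ == "__main__":
    for name, text in (("brace", BRACE_SAMPLE), ("set", SET_SAMPLE)):
        print(name, "FINDING" if find_phone_home(text) else "not a finding")
```

An empty result means the configuration is not a finding for this rule; any returned line identifies where the hierarchy is configured.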