AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-266591 | ARBA-NT-000440 | SV-266591r1040263_rule | CCI-001095 | medium |
| Description | ||||
| A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering, resulting in route flapping, and will eventually sinkhole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. The use of redundant components and load balancing are examples of mitigating "flood-type" DoS attacks through increased capacity. | ||||
| STIG | Date | |||
| HPE Aruba Networking AOS Wireless Security Technical Implementation Guide | 2024-10-29 | |||
Details
Check Text (C-266591r1040263_chk)
Verify the AOS configuration using the web interface:
Navigate to Configuration >> Services >> Firewall.
If the organization-defined safeguards are not enabled to protect against known DoS attacks, this is a finding.
Fix Text (F-70418r1040262_fix)
Configure AOS using the web interface:
Navigate to Configuration >> Services >> Firewall and enable DoS protection in accordance with organization-defined policy.
Click Submit >> Pending Changes >> Deploy Changes.