The Juniper router must not be configured to have any feature enabled that calls home to the vendor.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254000 | JUEX-RT-000280 | SV-254000r844033_rule | CCI-002403 | medium |

Description

Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack.

| STIG | Date |
|---|---|
| Juniper EX Series Switches Router Security Technical Implementation Guide | 2024-06-10 |
Details
Check Text (C-254000r844033_chk)
Verify the call home service is disabled on the device.
Verify [edit system] does NOT contain a phone-home hierarchy as shown:
    [edit system]
    host-name <hostname>;
    :
    <other system configuration>
    :
    phone-home {
        server https://<applicable URL>;
        rfc-compliant;
    }
If a call home service is enabled, this is a finding.
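An offline version of this check, as an added example that is not part of the STIG or of Juniper's tooling: it walks a saved configuration and returns every line that places `phone-home` directly under `system`. It goes beyond the check text by also covering `display set` output, configuration groups and `inactive:` statements. The function names, host names, group name and URL are constructed for illustration, and the parser assumes one statement per line, as Junos prints it.

```python
import re
# Constructed samples in "show configuration" format (not from a real device).
FINDING_CFG = """\
system {
    host-name ex-lab-01;
    phone-home {
        server https://redirect.example.net;
    }
}
"""
CLEAN_CFG = """\
system {
    host-name ex-lab-02;
}
interfaces {
    ge-0/0/0 {
        description "phone-home { test port";
    }
}
"""
# Constructed "display set" sample with the hierarchy inside a configuration group.
GROUP_SET_CFG = "set groups base system phone-home rfc-compliant\n"

def _effective(path):
    # Statements under "groups <name>" are inherited at the same path.
    return path[2:] if path[:1] == ["groups"] else path

def phone_home_findings(config_text):
    """Return the lines that place phone-home directly under [edit system]."""
    hits, stack = [], []
    for raw in config_text.splitlines():
        line = re.sub(r'"[^"]*"', '""', raw)               # ignore quoted strings
        line = re.sub(r"/\*.*?\*/|#.*", "", line).strip()  # ignore comments
        words = line.rstrip("{;").split()
        if words[:1] == ["inactive:"]:  # deactivated, still listed for review (assumption)
            words = words[1:]
        if not words:
            continue
        if words[0] == "set":
            if _effective(words[1:])[:2] == ["system", "phone-home"]:
                hits.append(raw.strip())
        elif line == "}":
            del stack[-1:]              # leave the current hierarchy level
        else:
            if _effective(stack) == ["system"] and words[0] == "phone-home":
                hits.append(raw.strip())
            if line.endswith("{"):
                stack.append(words[0])
    return hits
```

An empty list means no phone-home hierarchy was found in the text supplied; any returned line is a candidate finding for this rule.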
Fix Text (F-57403r844032_fix)
Configure the network device to disable the call home service or feature.
Delete the phone-home hierarchy under [edit system].
    delete system phone-home
Note: Because the command is hidden, Junos will not autocomplete and "phone-home" must be explicitly, and correctly, spelled out.