| V-92263 | | The SEL-2740S must uniquely identify all network-connected endpoint devices before establishing any connection. | Controlling LAN access via identification of connecting hosts can assist in preventing a malicious user from connecting an unauthorized PC to a switch... |
| V-92277 | | The SEL-2740S must be configured to mitigate the risk of ARP cache poisoning attacks. | The SEL-2740S must deter ARP cache poisoning attacks and configure the specific ARP flows that are only necessary to the control system network.... |
| V-92279 | | The SEL-2740S must be configured to capture all packets without flow rule match criteria. | The OTSDN switch must be capable of capturing frames that are not engineered to be in the network and send them to a Security Information and Event Ma... |
| V-92281 | | The SEL-2740S must be configured with backup flows for all host and switch flows to ensure proper failover scheme is in place for the network. | The SEL-2740S must be capable of multiple fast failover, backup and in cases isolation of the traffic from a detected threat in the system.... |
| V-92283 | | The SEL-2740S must be configured to forward only frames from allowed network-connected endpoint devices. | By only allowing frames to be forwarded from known end-points mitigates risks associated with broadcast, unknown unicast, and multicast traffic storms... |
| V-92313 | | The SEL-2740S must be configured to permit the allowed and necessary ports, functions, protocols, and services. | A compromised switch introduces risk to the entire network infrastructure as well as data resources that are accessible via the network. The perimeter... |
| V-92315 | | The SEL-2740S -must be configured to limit excess bandwidth and denial of service (DoS) attacks. | Denial of service is a condition when a resource is not available for legitimate users. Packet flooding DDoS attacks are referred to as volumetric att... |
| V-92317 | | The SEL-2740S must be configured to packet capture flows. | Without the capability to select a user session to capture/record or view/hear, investigations into suspicious or harmful events would be hampered by ... |
| V-92319 | | The SEL-2740S must be configured to capture flows for real-time visualization tools. | Without the capability to remotely view/hear all content related to a user session, investigations into suspicious user activity would be hampered. Re... |
| V-92321 | | The SEL-2740S must be configured to prevent packet flooding and bandwidth saturation. | Access layer switches use the Content Addressable Memory (CAM) table to direct traffic to specific ports based on the VLAN number and the destination ... |
| V-92323 | | SEL-2740S flow rules must include the host IP addresses that are bound to designated SEL-2740S ports for ensuring trusted host access. | IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming th... |
| V-92325 | | The SEL-2740S must be configured with ARP flow rules that are statically created with valid IP-to-MAC address bindings. | DAI intercepts Address Resolution Protocol (ARP) requests and verifies that each of these packets has a valid IP-to-MAC address binding before updatin... |
| V-94587 | | The SEL-2740S must authenticate all network-connected endpoint devices before establishing any connection. | Without authenticating devices, unidentified or unknown devices may be introduced, thereby facilitating malicious activity.
For distributed architect... |
