← Back to Arista MLS EOS 4.X Router Security Technical Implementation Guide

V-256029

CAT II (Medium)

The Arista router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network.

Rule ID

SV-256029r882429_rule

STIG

Arista MLS EOS 4.X Router Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-002385

Discussion

Network devices that are configured via a zero-touch deployment or auto-loading feature can have their startup configuration or image pushed to the device for installation via TFTP or Remote Copy (rcp). Loading an image or configuration file from the network is taking a security risk because the file could be intercepted by an attacker who could corrupt the file, resulting in a denial of service.

Check Content

Review the Arista MLS device configuration to determine if a configuration auto-loading or zero-touch deployment feature is enabled.

Execute the command "sh zerotouch".

Zerotouch Mode: Disabled

If a configuration auto-loading feature or zero-touch deployment feature is enabled, this is a finding.

Fix Text

Disable all configuration auto-loading or zero-touch deployment features.

LEAF-1A(config)#zerotouch disable