STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to HPE Aruba Networking AOS Wireless Security Technical Implementation Guide

V-266591

CAT II (Medium)

AOS must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.

Rule ID

SV-266591r1040263_rule

STIG

HPE Aruba Networking AOS Wireless Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001095

Discussion

A network element experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering, resulting in route flapping, and will eventually sinkhole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. The use of redundant components and load balancing are examples of mitigating "flood-type" DoS attacks through increased capacity.

Check Content

Verify the AOS configuration using the web interface: 

Navigate to Configuration >> Services >> Firewall.

If the organization-defined safeguards are not enabled to protect against known DoS attacks, this is a finding.

Fix Text

Configure AOS using the web interface: 

Navigate to Configuration >> Services >> Firewall and enable DoS protection in accordance with organization-defined policy.
 
Click Submit >> Pending Changes >> Deploy Changes.