STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Juniper Router RTR Security Technical Implementation Guide

V-217016

CAT III (Low)

The Juniper router must be configured to have all inactive interfaces disabled.

Rule ID

SV-217016r604135_rule

STIG

Juniper Router RTR Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-001414

Discussion

An inactive interface is rarely monitored or controlled and may expose a network to an undetected attack on that interface. Unauthorized personnel with access to the communication facility could gain access to a router by connecting to a configured interface that is not in use. If an interface is no longer used, the configuration must be deleted and the interface disabled. For sub-interfaces, delete sub-interfaces that are on inactive interfaces and delete sub-interfaces that are themselves inactive. If the sub-interface is no longer necessary for authorized communications, it must be deleted.

Check Content

Review the router configuration and verify that inactive interfaces have been disabled as shown below.

interfaces {
    ge-1/1/0  {
        disable;
        unit 0 {
        }
    }

If an interface is not being used but is configured or enabled, this is a finding.

Fix Text

Disable all inactive interfaces as shown below.

[edit interfaces]
set ge-1/1/0 disable