All VPN traffic is visible to network intrusion detection systems (IDS).
MAC / CONF: MAC I, MAC II, MAC III
Enclave Boundary Defense
The use of a VPN creates an environment in which network traffic travels in and out of the physical network boundary. Although the tunnel itself is relatively secure, allowing VPN connections introduces a point of entry into the network. This tunnel into a system creates the potential for unauthorized and unwanted traffic entering or leaving the core network. Because the tunnel payload is encrypted in transit, a sensor that sees only the outside of the tunnel sees ciphertext; the IDS must be positioned where the VPN traffic is in the clear. Ensuring that all VPN traffic is visible to a network IDS enables components to monitor this connection for anomalies.
1. Components shall ensure network intrusion detection systems (IDS) are positioned to monitor all VPN traffic.
2. Refer to DoD or other applicable guidance for proper connection requirements and procedures.
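The placement requirement in item 1 can be checked against an inventory. The following is an added example, not part of this control catalog and not code from DISA or CJCS guidance: it models each VPN gateway by its outside (still-encrypted) and inside (decrypted) interfaces, models each IDS sensor by the interfaces it taps, and reports a gateway as compliant only when its decrypted side is monitored. All gateway, sensor and interface names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# A monitor point is (gateway name, interface name). Naming is constructed
# for this example; it does not come from any real inventory.
MonitorPoint = Tuple[str, str]


@dataclass(frozen=True)
class VpnGateway:
    name: str
    outside_if: str  # untrusted side: tunnel packets are still encrypted here
    inside_if: str   # trusted side: tunnel payload has been decrypted here


@dataclass(frozen=True)
class IdsSensor:
    name: str
    taps: FrozenSet[MonitorPoint]  # monitor points this sensor receives a copy of


COMPLIANT = "compliant"
CIPHERTEXT_ONLY = "ciphertext-only"  # sensor sees the tunnel, not its contents
UNMONITORED = "unmonitored"


def coverage_report(gateways: List[VpnGateway], sensors: List[IdsSensor]) -> Dict[str, str]:
    """Classify every VPN gateway by whether an IDS sees its decrypted traffic.

    The control is satisfied only when the inside (decrypted) interface is
    tapped. A tap on the outside interface alone observes ciphertext and is
    reported as a finding, as is a gateway with no tap at all.
    """
    covered = set()
    for sensor in sensors:
        covered.update(sensor.taps)

    report: Dict[str, str] = {}
    for gw in gateways:
        if (gw.name, gw.inside_if) in covered:
            report[gw.name] = COMPLIANT
        elif (gw.name, gw.outside_if) in covered:
            report[gw.name] = CIPHERTEXT_ONLY
        else:
            report[gw.name] = UNMONITORED
    return report


def findings(report: Dict[str, str]) -> List[str]:
    """Names of gateways that do not satisfy the control, sorted."""
    return sorted(name for name, status in report.items() if status != COMPLIANT)


# Constructed sample inventory (hypothetical devices and interface names).
SAMPLE_GATEWAYS = [
    VpnGateway("vpn-gw-1", outside_if="eth0", inside_if="eth1"),
    VpnGateway("vpn-gw-2", outside_if="eth0", inside_if="eth1"),
    VpnGateway("vpn-gw-3", outside_if="ge-0/0/0", inside_if="ge-0/0/1"),
]
SAMPLE_SENSORS = [
    IdsSensor("ids-core", frozenset({("vpn-gw-1", "eth1")})),  # decrypted side: compliant
    IdsSensor("ids-dmz", frozenset({("vpn-gw-2", "eth0")})),   # encrypted side only: finding
]


def check_sample() -> Dict[str, str]:
    """Run the coverage check over the constructed inventory."""
    return coverage_report(SAMPLE_GATEWAYS, SAMPLE_SENSORS)


if __name__ == "__main__":
    rep = check_sample()
    for name, status in rep.items():
        print(f"{name}: {status}")
    print("findings:", findings(rep))
```

The distinction between "ciphertext-only" and "unmonitored" is deliberate: a sensor span on the untrusted interface may appear on a network diagram as IDS coverage of the VPN, but it cannot inspect the tunnel contents, so it does not meet the control and is listed as a separate finding so the remediation (move or add a tap on the inside interface) is clear.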
CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
DISA Secure Remote Computing STIG, Version 1, Release 1, 14 February 2003
DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004