
EBVC-1 VPN Controls


Overview

All VPN traffic is visible to network intrusion detection systems (IDS).

MAC / CONF: MACI, MACII, MACIII
Impact: Medium
Subject Area: Enclave Boundary Defense

Details

Threat
The use of a VPN creates an environment where network traffic travels in and out of physical network boundaries. Although relatively secure, allowing VPN connections introduces a point of entry into a network. This tunnel into a system creates the potential for unauthorized and unwanted traffic entering or leaving the core network. Ensuring all VPN traffic is visible to network IDS enables components to monitor this connection for anomalies.

Guidance
1. Components shall ensure network intrusion detection systems (IDS) are positioned to monitor all VPN traffic.
2. Refer to DoD or other applicable guidance for proper connection requirements and procedures.

References

  • CJCSM 6510.01, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 10 August 2004
  • DISA Network Infrastructure STIG, Version 6 Draft, 29 October 2004
  • DISA Secure Remote Computing STIG, Version 1, Release 1, 14 February 2003
  • DISA Enclave Security STIG, Version 2, Release 1, 01 July 2004