Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-237039 | AADC-AG-000047 | SV-237039r639564_rule | Medium |
Description |
---|
A deny-all, permit-by-exception network communications traffic policy ensures that only those connections which are essential and approved are allowed. A virtual server is an instance where the device accepts traffic from outside hosts and redirects traffic to one or more real servers. In keeping with a deny-all, permit-by-exception policy, the services that the device provides to outside hosts must be only those that are necessary, documented, and approved. |
STIG | Date |
---|---|
A10 Networks ADC ALG Security Technical Implementation Guide | 2021-03-25 |
Check Text ( C-40258r639562_chk ) |
---|
Review the configured servers, service groups, and virtual servers. The following command shows information for SLB servers: show slb server The following command shows information for service groups (multiple servers): show slb service-group The following command shows information for virtual servers (the services visible to outside hosts): show slb virtual-server Ask the Administrator for the list of approved services being provided by the device and compare this against the output of the command listed above. If there are more configured virtual servers than are approved, this is a finding. |
Fix Text (F-40221r639563_fix) |
---|
Do not configure a server, service group, or virtual server for any unnecessary or unapproved service. |