Kona Site Defender providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-76435	AKSD-WF-000026	SV-91131r1_rule		Medium

Description
Malicious code protection mechanisms include but are not limited to anti-virus and malware detection software. To minimize any potential negative impact to the organization caused by malicious code, malicious code must be identified and eradicated. Malicious code includes viruses, worms, trojan horses, and spyware.

STIG	Date
Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide	2017-09-15

Details

Check Text ( C-76095r1_chk )
Confirm Kona Site Defender is configured to use the latest rule set to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: 1. Log in to the Akamai Luna Portal (https://control.akamai.com). 2. Click the "Configure" tab. 3. Under the "Security" section, select "Security Configuration". 4. If prompted for which product to use, select "Site Defender" and then "Continue". 5. For the applicable security configuration, click on the tuning status details link under the "Tuning Status" column. If the tuning status does not state "You are using the latest Kona Rule Set version and your security configuration is optimal", this is a finding.

Check Text ( C-76095r1_chk )

Confirm Kona Site Defender is configured to use the latest rule set to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. For the applicable security configuration, click on the tuning status details link under the "Tuning Status" column.

If the tuning status does not state "You are using the latest Kona Rule Set version and your security configuration is optimal", this is a finding.

Fix Text (F-83113r1_fix)
Configure Kona Site Defender to use the latest rule set to block traffic for organizationally defined HTTP protocol violations, HTTP policy violations, SQL injection, remote file inclusion, cross-site scripting, command injection attacks, and any applicable custom rules: Contact the Akamai Professional Services team to implement the changes at 1-877-4-AKATEC (1-877-425-2832).