The ALG must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000248-ALG-000133	SRG-NET-000248-ALG-000133	SRG-NET-000248-ALG-000133_rule		Medium

Description
Malicious code includes viruses, worms, Trojan horses, and Spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code. Once this code is installed on endpoints within the network, unauthorized users may be able to breach firewalls and gain access to sensitive data. To guard against malicious code, real-time scans must be performed on files from external sources as they are downloaded and prior to being opened or executed. This requirement is limited to ALGs, web content filters, and packet inspection firewalls that perform malicious code detection as part of their functionality.

Description

Malicious code includes viruses, worms, Trojan horses, and Spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code. Once this code is installed on endpoints within the network, unauthorized users may be able to breach firewalls and gain access to sensitive data. To guard against malicious code, real-time scans must be performed on files from external sources as they are downloaded and prior to being opened or executed. This requirement is limited to ALGs, web content filters, and packet inspection firewalls that perform malicious code detection as part of their functionality.

STIG	Date
Application Layer Gateway Security Requirements Guide	2014-06-27

Details

Check Text ( C-SRG-NET-000248-ALG-000133_chk )
If the ALG does not perform malicious code detection as part of their functionality, this is not a finding. Verify the ALG performs real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed. If the ALG does not perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed, this is a finding.

Check Text ( C-SRG-NET-000248-ALG-000133_chk )

If the ALG does not perform malicious code detection as part of their functionality, this is not a finding.

Verify the ALG performs real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.

If the ALG does not perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed, this is a finding.

Fix Text (F-SRG-NET-000248-ALG-000133_fix)
Configure the ALG to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.