
The ALG that proxies SMTP traffic must inspect inbound and outbound SMTP and Extended SMTP traffic for harmful content.


Overview

Finding ID: SRG-NET-000512-ALG-000064
Version: SRG-NET-000512-ALG-000064
Rule ID: SRG-NET-000512-ALG-000064_rule
IA Controls:
Severity: Medium
Description
Allowing traffic through the ALG without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. An application layer gateway (also called an email proxy or gateway) must be included in the ALG. This ALG will be configured to inspect inbound and outbound SMTP and Extended SMTP traffic to detect spam, phishing, and malformed message attacks. Additionally, SMTP and Extended SMTP traffic must be inspected for harmful content.
STIG: Application Layer Gateway Security Requirements Guide
Date: 2014-06-27

Details

Check Text (C-SRG-NET-000512-ALG-000064_chk)
If the ALG does not proxy SMTP traffic, this is not a finding.

Review the ALG configuration and verify that SMTP and Extended SMTP inspection is implemented for both inbound and outbound traffic.

Verify policy filters exist to inspect SMTP and Extended SMTP traffic for spam, phishing attacks, and malformed messages.

Verify rules exist to inspect SMTP and Extended SMTP traffic for harmful content.

If the ALG does not inspect inbound and outbound SMTP and Extended SMTP traffic, this is a finding.
Fix Text (F-SRG-NET-000512-ALG-000064_fix)
Configure the ALG to inspect both inbound and outbound SMTP and Extended SMTP traffic.

Inspection must include spam, phishing, and malformed message attacks.

The ALG must also inspect SMTP and Extended SMTP traffic for harmful content.