Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000512-ALG-000066 | SRG-NET-000512-ALG-000066 | SRG-NET-000512-ALG-000066_rule | | Medium |
Description |
---|
Allowing traffic through the ALG without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. |
STIG | Date |
---|---|
Application Layer Gateway Security Requirements Guide | 2014-06-27 |
Check Text (C-SRG-NET-000512-ALG-000066_chk) |
---|
If the ALG does not proxy HTTP or HTTPS traffic, this is not a finding. Review the ALG configuration to confirm that both inbound and outbound traffic is inspected for harmful content and protocol conformance. Verify inspection of HTTP and HTTPS traffic destined for servers residing in the enclave. Verify inspection of HTTP and HTTPS traffic from clients and servers in the enclave to servers outside the enclave. If the ALG does not inspect inbound and outbound HTTP and HTTPS traffic for harmful content, this is a finding. |
Fix Text (F-SRG-NET-000512-ALG-000066_fix) |
---|
Configure the ALG to inspect inbound and outbound HTTP and HTTPS traffic for harmful content. |