UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The ALG that proxies HTTP traffic must inspect inbound and outbound HTTP and HTTPS traffic for harmful content.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000512-ALG-000066 SRG-NET-000512-ALG-000066 SRG-NET-000512-ALG-000066_rule Medium
Description
Allowing traffic through the ALG without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation.
STIG Date
Application Layer Gateway Security Requirements Guide 2014-06-27

Details

Check Text ( C-SRG-NET-000512-ALG-000066_chk )
If the ALG does not proxy HTTP or HTTPS traffic, this is not a finding.

Review the ALG configuration for both inbound and outbound traffic for harmful content and protocol conformance.
Verify inspection of HTTP and HTTPS traffic destined for servers residing in the enclave.

Verify inspection of HTTP and HTTPS traffic from clients and servers in the enclave to servers outside the enclave.

If the ALG does not inspect inbound and outbound HTTP and HTTPS traffic for harmful content, this is a finding.
Fix Text (F-SRG-NET-000512-ALG-000066_fix)
Configure the ALG to inspect inbound and outbound HTTP and HTTPS traffic for harmful content.