UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The application server must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-35654 SRG-APP-000246-AS-NA SV-46941r1_rule Medium
Description
When it comes to DoS attacks most of the attention is paid to ensuring that systems and applications are not victims of these attacks. While it is true that those accountable for systems want to ensure they are not affected by a DoS attack, they also need to ensure their systems and applications are not used to launch such an attack against others. To that extent, a variety of technologies exist to limit, or in some cases, eliminate the effects of DoS attacks. For example, boundary protection devices can filter certain types of packets to protect devices from being directly affected by DoS attacks. Limiting system resources that are allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks. Applications and application developers must take the steps needed to ensure that users cannot use these applications to launch DoS attacks against other systems and networks. An example would be designing applications to include mechanisms that throttle network traffic so that users are not able to generate unlimited network traffic via the application. The methods employed to counter this risk will be dependent upon the potential application layer methods that can be used to exploit it. This is an application layer requirement. The AS itself is not designed to throttle traffic or to be placed at a boundary. This role is better met with an XML firewall.
STIG Date
Application Server Security Requirements Guide 2013-01-08

Details

Check Text ( C-43996r1_chk )
The requirement is NA for the AS SRG.
Fix Text (F-40196r1_fix)
The requirement is NA. No fix is required.