Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18525 | NET-SRVFRM-005 | SV-20064r1_rule | EBBD-1 | Medium |
Description |
---|
Most current applications are deployed as a multi-tier architecture. The multi-tier model uses separate server machines to provide the different functions of presentation, business logic, and database. Multi-tier server farms provide added security because a compromised web server does not provide direct access to the application itself or to the database. The multi-tier separation is accomplished in several architectures, by a layer 2 switch, by a layer3 switch/router or by a firewall located at the server farm. Using the firewall implementation is the most secure method and is the only approved DoD architecture. Firewalls get packets from VLAN-supporting switches complete with 802.1Q tags in their headers. What the VLAN-aware firewall can do is extract the tags and use the information within the tags to make policy-based security decisions. |
STIG | Date |
---|---|
Firewall Security Technical Implementation Guide - Cisco | 2015-09-18 |
Check Text ( C-21300r1_chk ) |
---|
Identify the VLAN IP subnet and determine if the subnet passes content inspect by a firewall capable on content inspection. |
Fix Text (F-19128r1_fix) |
---|
Configure the firewall to inspect traffic content to and from the server farm. |