
The firewall implementation must enforce requirements for remote connections to the network.


Overview

Finding ID: SRG-NET-000068-FW-000050
Version: SRG-NET-000068-FW-000050
Rule ID: SRG-NET-000068-FW-000050_rule
IA Controls:
Severity: Medium
Description
Remote access services enable users outside of the enclave (external interface) to have access to data and services within the private network. Enabling access to the network from outside introduces security risks which must be addressed through implementation of strict controls and procedures, such as authentication and defining what resources can be accessed.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-000068-FW-000050_chk)
Review the policy that is pushed to the remote clients. The policy should enforce requirements including the following: preventing the saving of user passwords on the client device, disallowing split-tunneling to ensure traffic from remote clients traverses the tunnel to the firewall, and ensuring client devices require a firewall.

If requirements for remote connections to the network are not enforced, this is a finding.
Fix Text (F-SRG-NET-000068-FW-000050_fix)
Configure the firewall implementation to push a policy to remote clients. The policy should enforce requirements including the following: preventing the saving of user passwords on the client device, disallowing split-tunneling to ensure traffic from remote clients traverses the tunnel to the firewall, and ensuring client devices require a firewall.
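
One way to automate the review of a pushed client policy against the three requirements above, as an added example that is not part of the SRG. The policy field names (allow_saved_password, tunnel_routes, excluded_routes, require_client_firewall) are hypothetical and vendor-neutral, and the sample policies are constructed; map the fields to whatever your remote-access product exports.

```python
import ipaddress

ALL_IPV4 = ipaddress.ip_network("0.0.0.0/0")

def tunnel_covers_all_ipv4(tunnel_routes, excluded_routes):
    """True only if every IPv4 destination is routed into the tunnel."""
    nets = [ipaddress.ip_network(r) for r in tunnel_routes]
    nets = [n for n in nets if n.version == 4]  # collapse needs a single IP version
    # Merge adjacent prefixes, so 0.0.0.0/1 + 128.0.0.0/1 counts as a full tunnel.
    covers_all = list(ipaddress.collapse_addresses(nets)) == [ALL_IPV4]
    # Any bypass (exclusion) route reintroduces split-tunneling.
    return covers_all and not excluded_routes

def audit_remote_policy(policy):
    """Return the list of findings; an empty list means all three requirements hold."""
    findings = []
    # Missing keys are treated as non-compliant (fail closed).
    if policy.get("allow_saved_password", True):
        findings.append("saved-password")
    if not tunnel_covers_all_ipv4(policy.get("tunnel_routes", []),
                                  policy.get("excluded_routes", [])):
        findings.append("split-tunnel")
    if not policy.get("require_client_firewall", False):
        findings.append("client-firewall")
    return findings

# Constructed sample policies (hypothetical field names, see lead-in).
COMPLIANT = {
    "allow_saved_password": False,
    "tunnel_routes": ["0.0.0.0/1", "128.0.0.0/1"],
    "excluded_routes": [],
    "require_client_firewall": True,
}
SPLIT_BY_ROUTES = dict(COMPLIANT, tunnel_routes=["10.0.0.0/8", "172.16.0.0/12"])
SPLIT_BY_EXCLUSION = dict(COMPLIANT, tunnel_routes=["0.0.0.0/0"],
                          excluded_routes=["192.168.1.0/24"])

if __name__ == "__main__":
    for name, pol in [("compliant", COMPLIANT),
                      ("split (routes)", SPLIT_BY_ROUTES),
                      ("split (exclusion)", SPLIT_BY_EXCLUSION),
                      ("empty policy", {})]:
        print(name, "->", audit_remote_policy(pol) or "no finding")
```

The split-tunnel test checks route coverage rather than a single flag, because a policy can claim full tunneling while still pushing only enclave prefixes or a local-network exclusion.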