The firewall implementation must restrict the ability of users to launch DoS attacks against other information systems or networks.


Overview

Finding ID: SRG-NET-000192-FW-000118
Version: SRG-NET-000192-FW-000118
Rule ID: SRG-NET-000192-FW-000118_rule
IA Controls:
Severity: Medium
Description
The firewall implementation must prevent users from using the firewall to launch a DoS attack. Mechanisms that throttle traffic and resources, so that attackers cannot generate unlimited traffic via the firewall application, can assist in this effort. Firewall log capacity management, along with techniques that prevent the logging of redundant information during an attack, also guards against DoS attacks.
STIG Date
Firewall Security Requirements Guide 2012-12-10

Details

Check Text (C-SRG-NET-000192-FW-000118_chk)
Review the firewall documentation and configuration to determine if the system restricts the ability of users or systems to launch DoS attacks against other information systems or networks from the firewall.

If the firewall is not configured to restrict this ability, this is a finding.
Fix Text (F-SRG-NET-000192-FW-000118_fix)
Configure the firewall implementation to restrict the ability of users or other systems to launch DoS attacks against other information systems or networks from the firewall.