The firewall implementation must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of DoS attacks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000193-FW-000119 | SRG-NET-000193-FW-000119 | SRG-NET-000193-FW-000119_rule | Medium |
| Description |
|---|
| Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Managing excess capacity may include establishing selected usage priorities, quotas, or partitioning. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000193-FW-000119_chk ) |
|---|
| Review the firewall documentation and configuration to determine if excess capacity and bandwidth are managed, and if redundancy is built into the system to limit the effects of information flooding types of DoS attacks on the firewall. If excess capacity and bandwidth are not managed, or redundancy is not built into the architecture, this is a finding. |
| Fix Text (F-SRG-NET-000193-FW-000119_fix) |
|---|
| Configure the firewall implementation to manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of DoS attacks. |