The firewall implementation must enforce strict adherence to protocol format.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000200-FW-0000124 | SRG-NET-000200-FW-0000124 | SRG-NET-000200-FW-0000124_rule | Medium |
| Description |
|---|
| Crafted packets not conforming to Institute of Electrical and Electronics Engineers (IEEE) standards can be used by attackers to exploit a host's protocol stack to create a DoS or force a device reset, to bypass security gateway filtering, or to compromise a vulnerable device. It is imperative these packets are recognized and discarded at the network perimeter. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2012-12-10 |
Details
| Check Text ( C-SRG-NET-000200-FW-0000124_chk ) |
|---|
| Inspect the policy filters configured on the firewall. Verify policy filters exist that monitor for valid formation of protocol formats. Verify an enforcement action is taken for disallowed or malformed protocol formats. If policy filters that monitor and enforce protocol formats are not installed, this is a finding. |
| Fix Text (F-SRG-NET-000200-FW-0000124_fix) |
|---|
| Implement policy filters to prevent the use of disallowed or malformed protocol formats. |