
The firewall implementation must inspect ingress and egress SMTP and Extended SMTP traffic to detect spam, phishing, and malformed message attacks.


Overview

Finding ID: SRG-NET-999999-FW-000179
Version: SRG-NET-999999-FW-000179
Rule ID: SRG-NET-999999-FW-000179_rule
IA Controls:
Severity: Medium
Description
Creating a filter to allow a port or service through the firewall without a proxy or content inspection, protocol inspection, and flow control creates a direct connection between the host in the private network and a host on the outside, thereby bypassing additional security measures that could be provided. This places the internal host at a greater risk of exploitation that could make the entire network vulnerable to an attack.
STIG: Firewall Security Requirements Guide
Date: 2012-12-10

Details

Check Text (C-SRG-NET-999999-FW-000179_chk)
Review the firewall configuration and verify that SMTP and Extended SMTP inspection is implemented for both inbound and outbound traffic.
SMTP and Extended SMTP inspection will be configured to detect spam, phishing, and malformed message attacks.

If the firewall implementation does not inspect inbound and outbound SMTP and Extended SMTP traffic to detect spam, phishing, and malformed message attacks, this is a finding.
Fix Text (F-SRG-NET-999999-FW-000179_fix)
Configure the firewall implementation to perform SMTP and Extended SMTP inspection on both ingress and egress traffic.