Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-999999-FW-000181 | SRG-NET-999999-FW-000181 | SRG-NET-999999-FW-000181_rule | | Medium |
Description |
---|
Creating a filter that allows a port or service through the firewall without a proxy or without content inspection, protocol inspection, and flow control creates a direct connection between a host in the private network and a host on the outside, bypassing the additional security measures those controls would otherwise provide. This places the internal host at greater risk of exploitation, which in turn could leave the entire network vulnerable to attack. |
STIG | Date |
---|---|
Firewall Security Requirements Guide | 2012-12-10 |
Check Text (C-SRG-NET-999999-FW-000181_chk) |
---|
Review the firewall configuration for both ingress and egress traffic. Inspection of HTTP traffic to servers residing in the enclave is required. Inspection of HTTP traffic from clients and servers in the enclave to servers outside the enclave is also required. HTTP inspection will be configured to filter Java applets and ActiveX objects to meet the enclave security policy. Review the security policy with the Information Assurance Officer and look for Java and ActiveX filters if the security policy requires restrictions. If the firewall implementation does not inspect inbound and outbound HTTP traffic for protocol conformance, this is a finding. |
Fix Text (F-SRG-NET-999999-FW-000181_fix) |
---|
Configure the firewall implementation to inspect inbound and outbound HTTP traffic for protocol conformance. |
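The check above requires that inbound and outbound HTTP be inspected for protocol conformance and, where the enclave policy demands it, filtered for Java applets and ActiveX objects. The SRG is product-neutral, so no vendor configuration is shown; instead, as an added illustration that is not part of the SRG, the Python below performs the two kinds of checks an inspection engine applies to an HTTP message head (start line, header syntax, Host requirement) and to its declared content type. The set of media types treated as Java/ActiveX mobile code is an assumption, and the sample messages are constructed.

```python
import re
from typing import Dict, List

# Request-line and status-line grammar for HTTP/1.0 and HTTP/1.1.
REQUEST_LINE = re.compile(r"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) (\S+) HTTP/1\.[01]$")
STATUS_LINE = re.compile(r"^HTTP/1\.[01] [1-5]\d\d( .*)?$")
# Header field: RFC 7230 token characters, a colon, optional whitespace, value.
HEADER_LINE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+:[ \t]*[^\r\n]*$")

# Assumed enclave policy: media types treated as Java applets or ActiveX objects.
MOBILE_CODE_TYPES = {
    "application/x-java-applet",
    "application/java-archive",
    "application/x-oleobject",  # ActiveX control
}


def inspect(raw: bytes) -> List[str]:
    """Inspect one HTTP message head (request or response).

    Returns a list of findings; an empty list means the message is both
    protocol-conformant and permitted by the content policy.  Conformance
    findings are prefixed 'non-conformant:', policy findings 'policy:'.
    """
    findings: List[str] = []
    try:
        head = raw.decode("ascii")
    except UnicodeDecodeError:
        return ["non-conformant: non-ASCII bytes in message head"]
    if "\r\n\r\n" not in head:
        return ["non-conformant: message head not terminated by CRLFCRLF"]
    lines = head.split("\r\n\r\n", 1)[0].split("\r\n")
    start = lines[0]
    is_request = bool(REQUEST_LINE.match(start))
    if not is_request and not STATUS_LINE.match(start):
        findings.append(f"non-conformant: bad start line {start!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not HEADER_LINE.match(line):
            findings.append(f"non-conformant: bad header line {line!r}")
            continue
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # HTTP/1.1 requires a Host header on every request (RFC 7230 section 5.4).
    if is_request and start.endswith("HTTP/1.1") and "host" not in headers:
        findings.append("non-conformant: HTTP/1.1 request without Host header")
    # Content filtering: strip media-type parameters before matching policy.
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype in MOBILE_CODE_TYPES:
        findings.append(f"policy: filtered mobile code type {ctype}")
    return findings
```

A real inspection engine would also validate the message body, chunked encoding and request smuggling conditions; this block covers only the message head.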