The firewall must uniquely authenticate source domains for information transfer.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-37058	SRG-NET-000025-FW-000024	SV-48819r1_rule		Medium

Description
Identifying source address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the network element authenticates the source involved in sending information. Firewall policies or rules may be configured to allow a source subnet or IP address range, and a possible destination of ANY, but the monitoring, logging, and auditing mechanism must identify the specific source and destination IP addresses and ports/protocols and, if configured, the source and destination DNS. Examples of information transfer for the firewall are communications with the router, IPS, or central logging server. Without unique identifiers, the audit records of these information transfers would not be useful when tracking possible violations.

Description

Identifying source address for information flows within the network allows forensic reconstruction of events when required, and increases policy compliance by attributing policy violations to specific individuals. Means to enforce this enhancement include ensuring the network element authenticates the source involved in sending information. Firewall policies or rules may be configured to allow a source subnet or IP address range, and a possible destination of ANY, but the monitoring, logging, and auditing mechanism must identify the specific source and destination IP addresses and ports/protocols and, if configured, the source and destination DNS. Examples of information transfer for the firewall are communications with the router, IPS, or central logging server. Without unique identifiers, the audit records of these information transfers would not be useful when tracking possible violations.

STIG	Date
Firewall Security Requirements Guide	2013-04-24

Details

Check Text ( C-45351r1_chk )
Review the firewall configuration to verify the firewall uniquely authenticates the source domain (e.g., IP address) of information transfer sessions. If each component is not uniquely authenticated for information transfer sessions, this is a finding.

Fix Text (F-41917r2_fix)
Configure the firewall implementation to uniquely authenticate source domains for information transfer.