The firewall implementation must protect against or limit the effects of denial of service attacks.


Overview

Finding ID: V-37221
Version: SRG-NET-000191-FW-000110
Rule ID: SV-48982r1_rule
IA Controls:
Severity: High
Description
This control requires denial of service protection for the firewall application. A denial of service attack against the firewall can deprive the network of a vital security protection and leave it open to attack. Using multiple/distributed firewalls and load balancers, increasing log capacity, and providing service redundancy will reduce the firewall's susceptibility to denial of service attacks directed at the firewalls themselves or at other information systems on the network.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text (C-45529r1_chk)
Verify the firewall implementation includes configurations which limit or protect against the effects of denial of service attacks (e.g., multiple/distributed firewalls, load balancers, increasing log capacity, and/or service redundancy).

If the firewall implementation is not configured to protect against or limit the effects of denial of service attacks, this is a finding.
Fix Text (F-42159r1_fix)
Configure the firewall implementation to protect against or limit the effects of denial of service attacks by implementing risk mitigation solutions (e.g., multiple/distributed firewalls, load balancers, increasing log capacity, and/or providing service redundancy).