The firewall implementation must employ malicious code protection mechanisms to detect and block malicious code at the network perimeter.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-37314	SRG-NET-000244-FW-000144	SV-49075r1_rule		Medium

Description
The organization must employ malicious code protection mechanisms at information system entry and exit points. This protection must detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or inserted through the exploitation of information system vulnerabilities. Malicious code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. It also has the ability to run and attach programs, which provides a high risk potential for the distribution of malicious mobile code. Malicious code can be transported by electronic mail, mail attachments, web accesses, and removable media. Malicious code includes viruses, worms, Trojan horses, and spyware. While the firewall cannot replace anti-virus or HIDS protection installed on the network's endpoints, firewall ACLs or policy filters can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and ACLs or policy filters or blacklist updates are distributed by anti-virus or malicious code solution vendors.

Description

The organization must employ malicious code protection mechanisms at information system entry and exit points. This protection must detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or inserted through the exploitation of information system vulnerabilities. Malicious code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. It also has the ability to run and attach programs, which provides a high risk potential for the distribution of malicious mobile code. Malicious code can be transported by electronic mail, mail attachments, web accesses, and removable media. Malicious code includes viruses, worms, Trojan horses, and spyware. While the firewall cannot replace anti-virus or HIDS protection installed on the network's endpoints, firewall ACLs or policy filters can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and ACLs or policy filters or blacklist updates are distributed by anti-virus or malicious code solution vendors.

STIG	Date
Firewall Security Requirements Guide	2013-04-24

Details

Check Text ( C-45562r1_chk )
Review the ACLs or policy filters of the firewall. Verify malicious code protection mechanisms are implemented to detect and eradicate malicious code at the network perimeter (e.g., blacklists, whitelists, malware protection, and behavior analysis). If the firewall implementation does not employ malicious code protection mechanisms to detect and eradicate malicious code at the network perimeter, this is a finding.

Check Text ( C-45562r1_chk )

Review the ACLs or policy filters of the firewall. Verify malicious code protection mechanisms are implemented to detect and eradicate malicious code at the network perimeter (e.g., blacklists, whitelists, malware protection, and behavior analysis).

If the firewall implementation does not employ malicious code protection mechanisms to detect and eradicate malicious code at the network perimeter, this is a finding.

Fix Text (F-42239r1_fix)
Configure the firewall implementation to employ malicious code protection mechanisms to detect and eradicate malicious code at the network perimeter (e.g., blacklists, whitelists, malware protection, and behavior analysis).