The firewall implementation must implement NAT to ensure endpoint internal IPv4 addresses are not visible to external untrusted networks.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-37338 | SRG-NET-999999-FW-000168 | SV-49099r1_rule | Low |
| Description |
|---|
| Network Address Translation (NAT) works well with the implementation of RFC 1918 addressing scheme. It also has the privacy benefit of hiding real internal addresses. An attacker can learn more about a site's private network once the real IP addresses of the hosts within have been discovered. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2013-04-24 |
Details
| Check Text ( C-45586r1_chk ) |
|---|
| If NAT is implemented on the premise router, this is not a finding. Review the firewall or premise router configuration to determine if NAT has been implemented. If NAT is not implemented on the firewall, this is a finding. |
| Fix Text (F-42263r1_fix) |
|---|
| Implement NAT on the firewall or premise router for NIPRNet enclaves. |