
The firewall implementation must inspect inbound and outbound SMTP and Extended SMTP traffic for harmful content and protocol conformance.


Overview

Finding ID: V-37340
Version: SRG-NET-999999-FW-000170
Rule ID: SV-49101r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. An application firewall (also called an email proxy or gateway) must be included in the firewall implementation. This firewall will be configured to inspect inbound and outbound SMTP and Extended SMTP traffic to detect spam, phishing, and malformed message attacks. Additionally, SMTP and Extended SMTP traffic must be inspected for protocol conformance.
STIG Date
Firewall Security Requirements Guide 2013-04-24

Details

Check Text (C-45588r1_chk)
Review the firewall configuration and verify that SMTP and Extended SMTP inspection is implemented for both inbound and outbound traffic.
Verify rules exist to inspect SMTP and Extended SMTP traffic for spam, phishing attacks, and malformed messages.
Verify rules exist to inspect SMTP and Extended SMTP traffic for protocol conformance.

If the firewall implementation does not inspect inbound and outbound SMTP and Extended SMTP traffic, this is a finding.
Fix Text (F-42265r1_fix)
Configure the firewall implementation to inspect both inbound and outbound SMTP and Extended SMTP traffic.
Inspection must include spam, phishing, and malformed message attacks.
The firewall implementation must also inspect SMTP and Extended SMTP traffic for protocol conformance.