
The firewall implementation must inspect inbound and outbound FTP traffic for harmful content and protocol conformance.


Overview

Finding ID: V-37341
Version: SRG-NET-999999-FW-000171
Rule ID: SV-49102r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. An application firewall (also called a proxy or gateway) must be included in the firewall implementation. FTP traffic must be inspected for harmful or malformed traffic. Additionally, FTP traffic must be inspected for protocol conformance.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45589r1_chk)
Review the firewall configuration and verify FTP traffic is inspected.
Verify the firewall is configured to perform the following: drop any connections with embedded commands; drop truncated commands; provide command and reply spoofing; drop invalid port negotiations; and protect FTP servers from buffer overflow attacks.
Verify rules exist to inspect FTP traffic for protocol conformance.

If the firewall implementation does not drop FTP connections containing harmful or malformed traffic, this is a finding.
Fix Text (F-42266r1_fix)
Configure the firewall implementation to inspect FTP traffic and perform the following: drop any connections with embedded commands; drop truncated commands; provide command and reply spoofing; drop invalid port negotiations; and protect FTP servers from buffer overflow attacks.
Additionally, inspect FTP traffic for protocol conformance.
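The following is an added illustration, not part of the STIG or any vendor's firewall code, of how an application-layer proxy can apply the control-channel checks this fix text calls for: it drops truncated commands (no CRLF terminator), embedded commands (a second command smuggled into one line via CR, LF or NUL), overlong lines that could be used against a server's buffer (an assumed 512-byte policy limit), verbs outside an assumed RFC 959/2228/2389/2428 allow-list, and PORT negotiations whose address is not the client's own or whose port is privileged. Reply spoofing is not shown. The sample control lines, client address and constants are constructed for the example.

```python
"""Illustrative FTP control-channel inspection for an application-layer firewall.
Added example, not STIG or vendor code; the limits and allow-list are assumptions."""
import ipaddress
import re
from typing import List, Optional, Tuple

CRLF = b"\r\n"
# Assumed policy limit for one control-channel line. RFC 959 commands are short,
# so an overlong line is treated as a possible buffer-overflow attempt on the server.
MAX_LINE_LEN = 512

# Assumed allow-list of verbs the proxy is willing to relay (RFC 959/2228/2389/2428).
ALLOWED_VERBS = {
    b"USER", b"PASS", b"ACCT", b"CWD", b"CDUP", b"SMNT", b"QUIT", b"REIN", b"PORT", b"PASV",
    b"TYPE", b"STRU", b"MODE", b"RETR", b"STOR", b"STOU", b"APPE", b"ALLO", b"REST", b"RNFR",
    b"RNTO", b"ABOR", b"DELE", b"RMD", b"MKD", b"PWD", b"LIST", b"NLST", b"SITE", b"SYST",
    b"STAT", b"HELP", b"NOOP", b"FEAT", b"OPTS", b"AUTH", b"PBSZ", b"PROT", b"EPRT", b"EPSV",
}

# PORT h1,h2,h3,h4,p1,p2 as defined in RFC 959
PORT_ARG = re.compile(rb"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def check_port_negotiation(arg: bytes, client_ip: str) -> Optional[str]:
    """Return a drop reason for a malformed or suspicious PORT argument, else None."""
    m = PORT_ARG.match(arg)
    if not m:
        return "invalid-port-negotiation: malformed argument"
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return "invalid-port-negotiation: octet out of range"
    addr = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    # The active-mode data channel must go back to the client that opened the
    # session (anything else is a third-party/bounce transfer) on an unprivileged port.
    if ipaddress.ip_address(addr) != ipaddress.ip_address(client_ip):
        return f"invalid-port-negotiation: {addr} is not the client address"
    if port < 1024:
        return f"invalid-port-negotiation: privileged port {port}"
    return None


def inspect_ftp_line(raw: bytes, client_ip: str) -> Tuple[str, str]:
    """Classify one client->server control line as ('allow', verb) or ('drop', reason)."""
    if len(raw) > MAX_LINE_LEN:
        return "drop", f"oversized line ({len(raw)} bytes)"
    if not raw.endswith(CRLF):
        return "drop", "truncated command (no CRLF terminator)"
    body = raw[:-2]
    # A CR, LF or NUL inside the body means a second command is hidden in one line.
    if any(marker in body for marker in (b"\r", b"\n", b"\x00")):
        return "drop", "embedded command"
    if not body or not all(0x20 <= c < 0x7F for c in body):
        return "drop", "non-printable bytes in command"
    verb, _, arg = body.partition(b" ")
    verb = verb.upper()
    if verb not in ALLOWED_VERBS:
        return "drop", f"non-conformant verb {verb!r}"
    if verb == b"PORT":
        reason = check_port_negotiation(arg, client_ip)
        if reason:
            return "drop", reason
    return "allow", verb.decode()


def inspect_session(lines: List[bytes], client_ip: str) -> List[Tuple[str, str]]:
    """Run the line inspector over a whole control-channel session."""
    return [inspect_ftp_line(line, client_ip) for line in lines]


# Constructed sample session from a client at 10.0.0.5 (not captured traffic).
SAMPLE_CLIENT = "10.0.0.5"
SAMPLE_LINES = [
    b"USER anonymous\r\n",               # conformant
    b"PASS guest@example.invalid\r\n",   # conformant
    b"PORT 10,0,0,5,4,1\r\n",            # valid active-mode negotiation (port 1025)
    b"PORT 192,168,1,1,0,22\r\n",        # data channel pointed at a third host
    b"PORT 10,0,0,5,0,80\r\n",           # privileged port
    b"USER a\r\nPASS b\r\n",             # embedded second command
    b"RETR file.txt",                    # truncated, no CRLF
    b"RETR " + b"A" * 600 + CRLF,        # overlong argument
    b"XYZZY\r\n",                        # unknown verb
]

if __name__ == "__main__":
    for line, (verdict, detail) in zip(SAMPLE_LINES, inspect_session(SAMPLE_LINES, SAMPLE_CLIENT)):
        print(f"{verdict:5s} {detail:55s} {line[:40]!r}")
```

In a real deployment the proxy would apply the same discipline to the server's replies and to the EPRT/PASV/EPSV exchanges, and would log each drop with the session identifiers so the finding's "drop" requirement is auditable.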