
The firewall implementation must inspect inbound and outbound HTTP traffic for harmful content and protocol conformance.


Overview

Finding ID: V-37342
Version: SRG-NET-999999-FW-000172
Rule ID: SV-49103r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Allowing traffic through the firewall without inspection creates a direct connection between the host in the private network and a host on the outside. This bypasses security measures and places the network and destination endpoint at a greater risk of exploitation. An application firewall (also called a proxy or gateway) must be included in the firewall implementation. HTTP traffic must be inspected for harmful or malformed traffic. Additionally, HTTP traffic must be inspected for protocol conformance.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45590r1_chk)
Review the firewall configuration to confirm that both inbound and outbound traffic is inspected for harmful content and for protocol conformance.
Verify inspection of HTTP traffic destined for servers residing in the enclave.
Verify inspection of HTTP traffic from clients and servers in the enclave to servers outside the enclave.
Verify the firewall is configured to filter Java applets and ActiveX objects to meet the enclave security policy.
Review the security policy with the Information Assurance Officer and look for Java and ActiveX filters if the security policy requires restrictions.

If the firewall implementation does not inspect inbound and outbound HTTP traffic for protocol conformance, this is a finding.
Fix Text (F-42267r1_fix)
Configure the firewall implementation to inspect inbound and outbound HTTP traffic for both harmful content and protocol conformance.
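As an added illustration, not part of the STIG or of any vendor's firewall code, the Python below sketches the two kinds of checks the Check Text asks for: an HTTP/1.x request conformance check of the sort an application-layer proxy applies before forwarding a request, and a response-body test for the Java applet and ActiveX markers the enclave policy may require filtering. The function names, the RFC 7230 syntax rules encoded, and the sample requests are assumptions constructed for this example.

```python
import re

# RFC 7230 "token" characters, used for methods and header field names.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH"}
# Markers of Java applet / ActiveX content that the enclave policy may require filtering.
_ACTIVE_CONTENT = re.compile(rb"<applet\b|<object\b[^>]*classid=|application/x-java-applet", re.I)

def check_http_request(raw: bytes) -> list[str]:
    """Return conformance violations for one HTTP/1.x request; an empty list means it passes."""
    findings = []
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["missing CRLFCRLF terminating the header block"]
    lines = head.split(b"\r\n")
    try:
        parts = lines[0].decode("ascii").split(" ")
    except UnicodeDecodeError:
        return ["non-ASCII bytes in request line"]
    if len(parts) != 3:
        return ["request line is not 'METHOD SP request-target SP HTTP-version'"]
    method, target, version = parts
    if method not in _METHODS:
        findings.append(f"unknown method {method!r}")
    if not re.fullmatch(r"HTTP/1\.[01]", version):
        findings.append(f"unsupported HTTP version {version!r}")
    if not (target.startswith("/") or target == "*" or "://" in target or method == "CONNECT"):
        findings.append(f"malformed request-target {target!r}")
    names = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN.fullmatch(name.decode("latin-1")):
            findings.append(f"malformed header field {line[:40]!r}")
            continue
        if re.search(rb"[\x00-\x08\x0a-\x1f\x7f]", value):  # CTLs are never valid in a field value
            findings.append(f"control characters in value of {name.decode()!r}")
        names.append(name.decode("latin-1").lower())
    if version == "HTTP/1.1" and names.count("host") != 1:
        findings.append("HTTP/1.1 request must carry exactly one Host header")
    if names.count("content-length") > 1 or ("content-length" in names and "transfer-encoding" in names):
        findings.append("ambiguous message length (duplicate Content-Length or CL with Transfer-Encoding)")
    return findings

def contains_active_content(response_body: bytes) -> bool:
    """True when a response body carries Java applet or ActiveX (classid) markers."""
    return _ACTIVE_CONTENT.search(response_body) is not None

# Constructed sample traffic, not captured from a real network.
GOOD = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nAccept: */*\r\n\r\n"
BAD = b"GET /a HTTP/1.1\r\nHost: x\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\nX Y: z\r\n\r\n"
```

Calling `check_http_request(GOOD)` returns an empty list, while `check_http_request(BAD)` reports both the malformed header name and the ambiguous message length, which is the class of request a conformance-inspecting proxy rejects rather than forwards.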