
The firewall implementation must be configured to log any attempt to a port, protocol, or service that is denied.


Overview

Finding ID: V-37344
Version: SRG-NET-999999-FW-000174
Rule ID: SV-49105r1_rule
IA Controls: none listed
Severity: Low
Description
Auditing and logging are key components of any security architecture. Security personnel must know what is being done, what is being attempted, and by whom in order to compile an accurate risk assessment. Logging the actions taken by the firewall provides a means to reconstruct an attack, or simply to identify a configuration mistake on the device. A deny rule that drops silently leaves no record of the blocked attempt, so probes and misconfigured clients alike go unnoticed.
STIG: Firewall Security Requirements Guide
Date: 2013-04-24

Details

Check Text (C-45592r1_chk)
Verify that every deny or reject statement in the inbound and outbound ACLs is configured so that the dropped or rejected packets generate an entry in the firewall's log. Review each ACL entry whose action is deny or reject and confirm that a logging option is attached to it.

If the firewall implementation does not log deny events for attempts to access ports, protocols, or services, this is a finding.
Fix Text (F-42269r1_fix)
Configure the firewall implementation so that every deny or reject statement in the ingress and egress ACLs carries a logging option (for example, a trailing log keyword on platforms that use one), so that each dropped packet produces a log entry.
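The check and fix above are platform-neutral. The following script, added here as an illustration and not part of the SRG or any vendor's tooling, automates the check for one common dialect: it assumes Cisco IOS-style extended ACL syntax, where a trailing `log` or `log-input` keyword enables logging for a matching entry, and it flags every deny entry that lacks one. The ACL text, the ACL names (OUTSIDE-IN, INSIDE-OUT) and the function names are constructed for the example. One caveat worth building into any such audit: the implicit deny at the end of an ACL never logs, so the final explicit `deny ip any any log` entry is what satisfies this requirement for the catch-all case.

```python
"""
Audit ACL text for deny entries that do not log (added example, not SRG text).

Assumes Cisco IOS-style extended ACL syntax in which a trailing `log` or
`log-input` keyword causes matching packets to be logged. Adapt ACL_HEADER,
ACE and LOG_KEYWORD for other firewall dialects.
"""
import re

# Constructed sample ACL for the example (not from the page). Two deny entries
# lack a log keyword: the SNMP deny in OUTSIDE-IN and the catch-all in INSIDE-OUT.
SAMPLE_ACL = """\
ip access-list extended OUTSIDE-IN
 remark Allow inbound HTTPS only
 permit tcp any any eq 443
 deny   tcp any any eq 23 log
 deny   udp any any eq 161
 deny   ip any any log-input
ip access-list extended INSIDE-OUT
 permit ip 10.0.0.0 0.255.255.255 any
 deny   ip any any
"""

ACL_HEADER = re.compile(r"^ip access-list (?:extended|standard)\s+(\S+)")
# Optional sequence number, then the action, then the rest of the entry.
ACE = re.compile(r"^\s*(?:(\d+)\s+)?(permit|deny)\s+(.*)$")
# Match `log` or `log-input` as a whole word so e.g. `login` does not count.
LOG_KEYWORD = re.compile(r"\blog(?:-input)?\b")


def find_unlogged_denies(acl_text):
    """Return [(acl_name, line_no, entry_text)] for deny entries with no log keyword."""
    findings = []
    current = None
    for line_no, raw in enumerate(acl_text.splitlines(), 1):
        header = ACL_HEADER.match(raw)
        if header:
            current = header.group(1)
            continue
        ace = ACE.match(raw)
        if not ace or current is None:
            continue  # remark lines, blank lines, unrelated config
        action, rest = ace.group(2), ace.group(3)
        if action == "deny" and not LOG_KEYWORD.search(rest):
            findings.append((current, line_no, raw.strip()))
    return findings


def add_log_to_denies(acl_text):
    """Return the ACL text with ' log' appended to every unlogged deny entry."""
    fixed = []
    for raw in acl_text.splitlines():
        ace = ACE.match(raw)
        if ace and ace.group(2) == "deny" and not LOG_KEYWORD.search(ace.group(3)):
            raw = raw.rstrip() + " log"
        fixed.append(raw)
    return "\n".join(fixed) + "\n"


if __name__ == "__main__":
    for acl_name, line_no, entry in find_unlogged_denies(SAMPLE_ACL):
        print(f"FINDING: ACL {acl_name}, line {line_no}: {entry!r} has no log keyword")
    print("--- corrected ACL ---")
    print(add_log_to_denies(SAMPLE_ACL), end="")
```

Run against the sample, the audit reports the SNMP deny in OUTSIDE-IN and the unlogged catch-all in INSIDE-OUT; the corrected output appends `log` to both and leaves the entries that already log untouched. On a real device, feed it the output of `show running-config` and review the findings against the check text above rather than applying the rewrite blindly, since high-volume deny logging may itself need rate limiting on some platforms.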