The firewall must be configured to allow authorized users to record a packet capture based IP, traffic type (TCP, UDP, or ICMP), or protocol.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-79433 | SRG-NET-000399-FW-000008 | SV-94139r1_rule | Medium |
| Description |
|---|
| Without the ability to capture, record, and log content related to a user session, investigations into suspicious user activity would be hampered. This configuration ensures the ability to select specific sessions to capture in order to support general auditing/incident investigation or to validate suspected misuse. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2018-12-24 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (None) |
|---|
| None |