The DataPower Gateway providing content filtering must be configured to integrate with a system-wide intrusion detection system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-65283 | WSDP-AG-000107 | SV-79773r1_rule | Low |
| Description |
|---|
| Without coordinated reporting between separate devices, it is not possible to identify the true scale and possible target of an attack. Integration of the ALG with a system-wide intrusion detection system supports continuous monitoring and incident response programs. This requirement applies to monitoring at internal boundaries using TLS gateways, web content filters, email gateways, and other types of ALGs. ALGs can work as part of the network monitoring capabilities to off-load inspection functions from the external boundary IDPS by performing more granular content inspection of protocols at the upper layers of the OSI reference model. |
| STIG | Date |
|---|---|
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 |
Details
| Check Text ( C-65911r1_chk ) |
|---|
| In the DataPower web interface, navigate to Administration >> Access >> SNMP Settings. Verify that Trap Event Subscriptions are associated with intrusion detection. Verify that Trap and Notification Targets includes an approved SNMP server that generates alerts that will be forwarded to the system-wide intrusion detection system. If no trap event subscriptions are configured on no SNMP server configured as a target, this is a finding. |
| Fix Text (F-71223r1_fix) |
|---|
| In the DataPower web interface, navigate to Administration >> Access >> SNMP Settings. Configure the "Trap Event Subscriptions" tab to include desired event codes. Set the Notification Targets tab to include an approved SNMP server that generates alerts that will be forwarded to the system-wide intrusion detection system. |