UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DataPower Gateway providing content filtering must continuously monitor outbound communications traffic crossing internal security boundaries for unusual/unauthorized activities or conditions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-65291 WSDP-AG-000112 SV-79781r1_rule Medium
Description
If outbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous monitoring and incident response programs. Internal monitoring includes the observation of events occurring on the network crosses internal boundaries at managed interfaces such as web content filters. Depending on the type of ALG, organizations can monitor information systems by monitoring audit activities, application access patterns, characteristics of access, content filtering, or unauthorized exporting of information across boundaries. Unusual/unauthorized activities or conditions may include large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.
STIG Date
IBM DataPower ALG Security Technical Implementation Guide 2016-01-21

Details

Check Text ( C-65919r1_chk )
Verify a service, such as a MultiProtocol Gateway, by clicking the icon on the Control Panel.

Click the name of the service in the list >> Set the Name and back end destination for the service.

Under MultiProtocol Gateway Policy, click “...” to inspect the Policy >> Verify one Rule Direction is set to Client to Server.

Double-click the existing Match Action on the rule line and verify it is set default-accept-service providers.

Double-click the Validate action >> Verify that it is set to a schema file.

Upload the necessary schema definition file to the action >> Click Done.

Double-click the AAA action to open it >> Click “...” to inspect the AAA Policy >> Follow the wizard steps to review the desired policy.

When done, click cancel.

Verify one Rule Direction is set to Server to Client.

Double-click the existing Match Action on the rule line and verify it is set default-accept-service providers.

Double-click the Validate action >> Verify that it is set to a schema file.

Double-click the AAA action to open it >> Click “...” to inspect the AAA Policy >> Follow the wizard steps to review the desired policy.

When done, click cancel.

Click Cancel or Close Window to close the Policy.

If these items have not been configured, this is a finding.
Fix Text (F-71231r1_fix)
Create a new service, such as a MultiProtocol Gateway, by clicking the icon on the Control Panel.

Click Add to create a new service >> Set the Name and back end destination for the service.

Under MultiProtocol Gateway Policy, click “+” to create a new Policy >> Provide a name for the Policy >> Click New Rule >> Set the Rule Direction to Client to Server >> Double-click the existing Match Action on the rule line and select default-accept-service providers >> Drag the Validate action down onto the processing line >> Double-click the action.

Upload the necessary schema definition file to the action >> Click Done.

Drag the AAA action onto the processing line after the Validate action >> Double-click the action to open it >> Click “+” to create a new AAA Policy >> Follow the wizard steps to create the desired policy.

When done, close the action >> Click Apply to complete the Policy.

Click New Rule >> Set the direction to Server to Client >> Double-click the existing Match Action on the rule line and select default-accept-service providers >> Drag the Validate action down onto the processing line >> Double-click the action.

Upload the necessary schema definition file to the action >> Click Done.

Drag the AAA action onto the processing line after the Validate action >> Double-click the action to open it. Click “+” to create a new AAA Policy >> Follow the wizard steps to create the desired policy.

When done, close the action >> Click Apply to complete the Policy.

Complete the Gateway configuration by clicking Apply.