The IDPS must allow only in-band management sessions from authorized IP addresses from the internal network.


Overview

Finding ID: SRG-NET-000018-IDPS-000042
Version: SRG-NET-000018-IDPS-000042
Rule ID: SRG-NET-000018-IDPS-000042_rule
IA Controls: (none listed)
Severity: Medium
Description
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. The flow of all network traffic must be monitored and controlled so that it does not introduce unacceptable risk to the network infrastructure or data. Remote administration is inherently dangerous: anyone with a sniffer and access to the right LAN segment can capture the device account and password information from an unprotected management session. With that intercepted information an attacker could gain access to the infrastructure and mount denial-of-service attacks, intercept sensitive information, or perform other destructive actions. Limiting management sessions to explicitly authorized internal source addresses reduces the set of hosts from which such an attack can be launched.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43160_chk)
Verify the IDPS is configured with an ACL that lists the IP addresses from which management sessions are permitted.
Verify the ACL is deny-by-default, so that any management console connection not explicitly allowed is rejected.
Verify that every allowed IP address belongs to the internal network.

If in-band management is accepted from any IP address that is not explicitly allowed, or from an allowed address that is not on the internal network, this is a finding.
Fix Text (F-43160_fix)
Configure the IDPS sensors so that in-band remote management connections are accepted only from authorized internal addresses.
Configure an ACL listing the IP addresses allowed non-local management console access.
Configure the ACL as deny-by-default, so that every source not explicitly permitted is rejected.
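The three conditions in the check text (an explicit allow-list, deny-by-default, and only internal addresses permitted) can be tested mechanically against an exported management ACL. The following script is an added example, not part of the SRG and not any vendor's tooling: the line syntax ("permit <address|cidr>", "deny any"), the RFC 1918 ranges used as "the internal network", and the sample ACL are all assumptions for illustration. It parses the ACL, reports one finding per violated condition, and evaluates a candidate source address with first-match, deny-by-default semantics so an assessor can confirm what the ACL actually does for a given host.

```python
"""Audit a management-plane ACL against SRG-NET-000018-IDPS-000042.

Hypothetical example: the ACL syntax ("permit <ip|cidr>", "deny any") and the
internal address ranges below are assumptions, not any vendor's format.
"""
import ipaddress
from typing import List, Optional, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Entry = Tuple[str, Optional[Network]]  # (action, network); None means "any"

# Assumed internal management ranges (RFC 1918); substitute the site's own.
INTERNAL_NETWORKS: List[Network] = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample ACL. The third permit is a public address, which the
# check text treats as a finding even though the ACL itself is well-formed.
SAMPLE_ACL = """\
permit 10.20.30.0/24      # NOC management subnet
permit 10.20.31.7         # jump host
permit 203.0.113.45       # external address: should not be here
deny any
"""


def parse_acl(text: str) -> List[Entry]:
    """Parse 'permit|deny <address|cidr|any>' lines; blanks and '#' comments are ignored."""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: unrecognized ACL entry {raw!r}")
        action, target = parts
        if target == "any":
            entries.append((action, None))
            continue
        try:
            # A bare host address becomes a /32 (or /128); an entry with host
            # bits set under its prefix is rejected as ambiguous.
            net = ipaddress.ip_network(target)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad address {target!r}: {exc}") from exc
        entries.append((action, net))
    return entries


def audit_acl(entries: List[Entry], internal: List[Network] = INTERNAL_NETWORKS) -> List[str]:
    """Return one finding per violated condition of the check text (empty list = compliant)."""
    findings: List[str] = []
    for action, net in entries:
        if action != "permit":
            continue
        if net is None:
            findings.append("permit any: management access is not restricted to explicit addresses")
        elif not any(net.subnet_of(inet) for inet in internal if net.version == inet.version):
            findings.append(f"permit {net}: address is outside the internal network")
    # Some platforms deny implicitly at the end of an ACL, but the check text
    # asks for deny-by-default to be verified, so this audit requires it explicitly.
    if not entries or entries[-1] != ("deny", None):
        findings.append("no explicit 'deny any' at the end of the ACL (deny-by-default not enforced)")
    return findings


def management_session_allowed(entries: List[Entry], source: str) -> bool:
    """First-match evaluation of a source address; anything unmatched is denied."""
    addr = ipaddress.ip_address(source)
    for action, net in entries:
        if net is None or (net.version == addr.version and addr in net):
            return action == "permit"
    return False


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for finding in audit_acl(acl) or ["no findings"]:
        print("FINDING:", finding)
    for src in ("10.20.30.15", "10.20.31.8", "203.0.113.45", "192.168.1.1"):
        print(f"{src:>15}: {'permit' if management_session_allowed(acl, src) else 'deny'}")
```

Run against the sample ACL, the audit reports the public permit entry as a finding while the evaluator still shows that address as permitted; that gap between "what the ACL allows" and "what the SRG allows" is exactly what the check is meant to surface. A missing trailing "deny any" produces a separate finding even though the evaluator already defaults to deny, because the requirement is for deny-by-default to be verifiable in the configuration, not assumed.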