UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS management console, management server, or data management console server must reside in the management network (in-band.)


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000018-IDPS-000043 SRG-NET-000018-IDPS-000043 SRG-NET-000018-IDPS-000043_rule Medium
Description
Sensors and agents monitor and analyze activity. The term sensor is typically used for the IDPS that monitor networks, including network-based, wireless, and network behavior analysis technologies. The term agent is typically used for host-based IDPS technologies. A management server is a centralized device that receives information from the sensors or agents and manages them. Some management servers perform analysis on the event information that the sensors or agents provide and can identify events that the individual sensors or agents cannot. Matching event information from multiple sensors or agents, such as finding events triggered by the same IP address is known as correlation. Management servers are available as both appliance and software-only products. Some small IDPS deployments do not use any management servers, but most IDPS deployments do. In larger IDPS deployments, there are often multiple management servers, and in some cases there are two tiers of management servers. If the management console is placed on a user segment, management information may be intercepted.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text ( C-43161_chk )
Verify the IP address of the IDPS console is on the management subnet.

If the IP address for the management console is not on the management network, this is a finding.
Fix Text (F-43161_fix)
Move the IDPS servers, databases and consoles to the management network.
Reconfigure the interfaces with an IP address that is in the management network range.