The IDPS must allow only authorized administrators to change security attributes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000058-IDPS-000006	SRG-NET-000058-IDPS-000006	SRG-NET-000058-IDPS-000006_rule		High

Description
System administrators of the IDPS system can reconfigure the rules and redirect traffic. If an unauthorized user gains access and then modifies the configuration, this could adversely impact the operation and availability of the entire network and all users. Malicious configuration changes may cause the sensors to miss critical attacks. If unauthorized individuals have permission to change security attributes, then unauthorized individuals may compromise information flow and access control attributes, thus adversely impacting network availability or gain unauthorized access to the information.

Description

System administrators of the IDPS system can reconfigure the rules and redirect traffic. If an unauthorized user gains access and then modifies the configuration, this could adversely impact the operation and availability of the entire network and all users. Malicious configuration changes may cause the sensors to miss critical attacks. If unauthorized individuals have permission to change security attributes, then unauthorized individuals may compromise information flow and access control attributes, thus adversely impacting network availability or gain unauthorized access to the information.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43117_chk )
Obtain a list of authorized IDPS system administrators. Ask the site representative if all system administrators have the same access privileges (authorization levels.) Review the user groups in the user account management function. Verify only authorized IDPS system administrators have privileges to change security attributes for users, sensors, and system files. If unauthorized users have access to the IDPS management console or sensors, this is a finding. If system administrator accounts all have the same privileges, but this is not required, this is a finding.

Check Text ( C-43117_chk )

Obtain a list of authorized IDPS system administrators.
Ask the site representative if all system administrators have the same access privileges (authorization levels.)
Review the user groups in the user account management function.
Verify only authorized IDPS system administrators have privileges to change security attributes for users, sensors, and system files.

If unauthorized users have access to the IDPS management console or sensors, this is a finding. If system administrator accounts all have the same privileges, but this is not required, this is a finding.

Fix Text (F-43117_fix)
Configure rights and permissions for system administrators so only authorized IDPS administrators can change security attributes. Limit system administrators not authorized to change security attributes (e.g., session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification) to just the access that is needed to perform their duties.

Fix Text (F-43117_fix)

Configure rights and permissions for system administrators so only authorized IDPS administrators can change security attributes.
Limit system administrators not authorized to change security attributes (e.g., session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification) to just the access that is needed to perform their duties.