
The IPS must only allow authorized devices to change security attributes.


Overview

Finding ID: SRG-NET-000060-IDPS-000010
Version: SRG-NET-000060-IDPS-000010
Rule ID: SRG-NET-000060-IDPS-000010_rule
IA Controls: (none listed)
Severity: High
Description
In some implementations, the IPS system may work with the firewalls, routers, or switches to dynamically update or create rules. Changes to the IPS may cause the sensors to miss critical attacks. The IPS sensors are configured to transmit sensor logs using network configuration information. They also may communicate with the firewall and other network devices. The IPS must have the capability to dynamically reconfigure destination addresses, user privilege assignments, and changes to traffic flow requirements. This requirement is applicable only to IPS implementations that allow external devices to update sensor signatures, rules, or other scanning configuration. If unauthorized devices are allowed to update the IPS configuration, information flow and access control attributes may be maliciously changed, adversely impacting network availability or allowing unauthorized access to the information.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43121_chk)
Applicable only to installations that allow external devices to update management console or sensor rules or other security attributes.
Navigate to the network configuration of the management console.
View the configuration for devices that are allowed to reconfigure or update the IPS components.

If unauthorized devices are allowed to change security attributes (IP addresses, sensor configuration, signatures, or rules), this is a finding.
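The check above is a manual review of which devices the management console permits to push changes. The following added example (not part of the SRG or of any vendor's tooling) automates that comparison: it takes a constructed export of the console's update-permitted devices, compares each one against an authorized allowlist keyed by address or network, and reports any device that may change an attribute (signatures, rules, or sensor configuration) without authorization. The device list format, the field names, the allowlist structure, and all addresses are assumptions; a real console exports its own format, which would need its own parser.

```python
"""Audit the devices an IPS management console allows to change security
attributes against an authorized allowlist (SRG-NET-000060-IDPS-000010).

All input below is constructed for illustration; field names and addresses
are assumptions, not a vendor format."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# Constructed sample: devices the console currently permits to push changes,
# and which security attributes each may change.
CONFIGURED_UPDATERS = [
    {"name": "mgmt-console-01", "address": "10.10.1.5",
     "can_change": ["signatures", "rules", "sensor_config"]},
    {"name": "soc-jump-02", "address": "10.10.1.20", "can_change": ["rules"]},
    {"name": "fw-core-01", "address": "10.20.0.1",
     "can_change": ["rules", "signatures"]},
    {"name": "unknown-host", "address": "192.168.77.9",
     "can_change": ["signatures", "sensor_config"]},
    {"name": "vendor-feed", "address": "203.0.113.40", "can_change": ["signatures"]},
]

# Constructed allowlist: network -> attributes hosts in it are authorized to change.
AUTHORIZED: Dict[str, Set[str]] = {
    "10.10.1.0/24": {"signatures", "rules", "sensor_config"},  # management segment
    "10.20.0.1/32": {"rules"},                                 # core firewall, rules only
    "203.0.113.40/32": {"signatures"},                         # signature feed, signatures only
}


@dataclass(frozen=True)
class Finding:
    name: str
    address: str
    unauthorized_attrs: Tuple[str, ...]  # attributes changeable without authorization


def authorized_attrs_for(address: str, authorized: Dict[str, Set[str]]) -> Set[str]:
    """Union of attributes every allowlist network containing `address` permits.
    An unparseable address matches nothing, so it is treated as unauthorized."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return set()
    allowed: Set[str] = set()
    for net, attrs in authorized.items():
        network = ipaddress.ip_network(net, strict=False)
        if ip.version == network.version and ip in network:
            allowed |= attrs
    return allowed


def audit_updaters(configured: Iterable[dict],
                   authorized: Dict[str, Set[str]]) -> List[Finding]:
    """Return one Finding per device that may change an attribute it is not
    authorized for; an empty list means the check passes."""
    findings: List[Finding] = []
    for dev in configured:
        allowed = authorized_attrs_for(dev["address"], authorized)
        extra = sorted(set(dev["can_change"]) - allowed)
        if extra:
            findings.append(Finding(dev["name"], dev["address"], tuple(extra)))
    return findings


def stig_result(findings: List[Finding]) -> str:
    """Map the audit outcome onto the usual checklist status."""
    return "Open" if findings else "NotAFinding"


if __name__ == "__main__":
    results = audit_updaters(CONFIGURED_UPDATERS, AUTHORIZED)
    for f in results:
        print(f"FINDING {f.name} ({f.address}) may change: {', '.join(f.unauthorized_attrs)}")
    print("Result:", stig_result(results))
```

On the constructed input the script flags fw-core-01 (authorized for rules only but permitted to change signatures) and unknown-host (not in the allowlist at all); the fix is the one the SRG gives, remove the unauthorized entries from the console's configuration and re-run the audit until it reports NotAFinding.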
Fix Text (F-43121_fix)
Remove unauthorized devices from the configuration of all IPS components.