
The IDPS must authenticate an organizationally defined list of specific devices by device type before establishing a connection.


Overview

Finding ID: SRG-NET-000148-IDPS-000139
Version: SRG-NET-000148-IDPS-000139
Rule ID: SRG-NET-000148-IDPS-000139_rule
IA Controls: (none listed)
Severity: Low
Description
An IDPS must have a level of trust with any node wanting to connect to it. The remote node could be a host device requiring a layer 2 connection to the network or a router wanting to peer as a neighbor and establish a connection to exchange control plane and forwarding plane traffic. A network control plane is comprised of routing, signaling, and link management protocols; all used to establish the forwarding paths required by the data plane. Disrupting the flow of this information or injecting false information breaks down the integrity or believability of path information.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text ( C-43277_chk )
Verify sensor communications to network elements (e.g., sensors, management consoles, routers, syslog servers, and forensics servers) are configured to establish authentication using a unique identifier.
Verify authentication is, in part, based on a list of authorized device types.

If authentication of communications between the IDPS and network elements is not based, at least in part, on a list of authorized device types, this is a finding.
Fix Text (F-43277_fix)
Configure the IDPS to authenticate based on a list of authorized device types.
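The check above asks for two things: the peer presents a unique identifier the IDPS can authenticate, and that identifier resolves to a device type on the organisation's list of authorized types for the channel being opened. The following is an added illustration of that gate, not SRG text and not the configuration of any particular IDPS product. The service names, device types, inventory entries and the byte strings standing in for client certificates are all constructed sample data; a real deployment would take the identifier from the verified TLS client certificate (or equivalent credential) and the inventory and type list from the organisation's configuration.

```python
"""Device-type allowlist gate for IDPS peer connections (added example).

Models the two checks the SRG calls for:
  1. the peer presents a unique, authenticated identifier (here: the
     SHA-256 fingerprint of its client certificate), and
  2. that identifier maps to a device type that is on the organisation's
     list of authorized device types for the requested service.
A peer failing either check is refused before any session state exists.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed: organisationally defined authorized device types per
# IDPS-side service (names are assumptions for this example).
AUTHORIZED_DEVICE_TYPES: Dict[str, Set[str]] = {
    "management": {"management-console"},
    "event-export": {"syslog-server", "forensics-server"},
    "sensor-sync": {"sensor"},
}


@dataclass(frozen=True)
class Device:
    name: str
    device_type: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def fingerprint(cert_der: bytes) -> str:
    """Unique identifier for a peer: SHA-256 over its certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


# Constructed stand-ins for DER-encoded client certificates.
CERT_CONSOLE = b"constructed-cert-mgmt-console-01"
CERT_SYSLOG = b"constructed-cert-syslog-01"
CERT_ROUTER = b"constructed-cert-edge-router-01"

# Constructed inventory: authenticated identifier -> device record.
INVENTORY: Dict[str, Device] = {
    fingerprint(CERT_CONSOLE): Device("mgmt-console-01", "management-console"),
    fingerprint(CERT_SYSLOG): Device("syslog-01", "syslog-server"),
    fingerprint(CERT_ROUTER): Device("edge-rtr-01", "router"),
}


def authorize_connection(
    service: str,
    peer_cert_der: Optional[bytes],
    inventory: Dict[str, Device] = INVENTORY,
    policy: Dict[str, Set[str]] = AUTHORIZED_DEVICE_TYPES,
) -> Decision:
    """Decide whether a peer may open `service` on the IDPS.

    Identity is checked first; the device-type list is consulted only for
    a peer whose identifier is already known, so an unknown or missing
    credential never gets as far as the type check.
    """
    if peer_cert_der is None:
        return Decision(False, "no authenticated identifier presented")
    fp = fingerprint(peer_cert_der)
    device = inventory.get(fp)
    if device is None:
        return Decision(False, f"unknown device identifier {fp[:16]}...")
    allowed_types = policy.get(service)
    if not allowed_types:
        return Decision(False, f"no device types authorized for service {service!r}")
    if device.device_type not in allowed_types:
        return Decision(
            False,
            f"{device.name} is type {device.device_type!r}, "
            f"not an authorized type for {service!r}",
        )
    return Decision(True, f"{device.name} ({device.device_type}) authorized for {service!r}")


if __name__ == "__main__":
    for svc, cert in [
        ("management", CERT_CONSOLE),   # allowed: console on management channel
        ("management", CERT_SYSLOG),    # refused: syslog server is the wrong type
        ("event-export", CERT_ROUTER),  # refused: router not an export type
        ("sensor-sync", b"not-in-inventory"),  # refused: unknown identifier
        ("sensor-sync", None),          # refused: no identifier at all
    ]:
        d = authorize_connection(svc, cert)
        print(f"{svc:13s} {'ALLOW' if d.allowed else 'DENY '} {d.reason}")
```

The ordering matters for the check text: an auditor verifying this control wants to see that a peer with a valid certificate but an unlisted device type is still refused, which the `event-export` / router case exercises.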