The IDPS must manage excess bandwidth to limit the effects of packet flooding types of Denial of Service (DoS) attacks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000193-IDPS-NA	SRG-NET-000193-IDPS-NA	SRG-NET-000193-IDPS-NA_rule		Medium

Description
An IDPS experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. HIDS is not within the scope of this document.

Description

An IDPS experiencing a DoS attack will not be able to handle production traffic load. The high utilization and CPU caused by a DoS attack will also have an effect on control keep-alives and timers used for neighbor peering resulting in route flapping and eventually black hole production traffic. The device must be configured to contain and limit a DoS attack's effect on the device's resource utilization. HIDS is not within the scope of this document.

STIG	Date
IDPS Security Requirements Guide (SRG)	2012-03-08

Details

Check Text ( C-43357_chk )
This requirement does not apply to IDPS.

Fix Text (F-43357_fix)
Not applicable for IDPS. No fix required.