
The IDPS must limit and reserve bandwidth based on the priority of the traffic type.


Overview

Finding ID: SRG-NET-000194-IDPS-000202
Version: SRG-NET-000194-IDPS-000202
Rule ID: SRG-NET-000194-IDPS-000202_rule
IA Controls:
Severity: Medium
Description
Different applications have unique requirements and tolerance levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework. This framework differentiates traffic types and provides a method of avoiding and managing network congestion. A QoS implementation categorizes network traffic into classes and provides priority treatment based on the classification. If QoS is not implemented, network congestion occurs, causing poor network service because all traffic has an equal chance of being dropped. An additional IDPS component, a load balancer, is recommended for use with larger networks.
STIG Date
IDPS Security Requirements Guide (SRG) 2012-03-08

Details

Check Text (C-43359_chk)
Look at the network diagram and see if and where load balancers are placed in the architecture.
Examine the configuration of the load balancer.
Verify it is configured to reserve bandwidth based on the priority of the traffic type.

If the IDPS is not configured to limit and reserve bandwidth based on the priority of the traffic type, this is a finding.
Fix Text (F-43359_fix)
Configure the load balancer to limit and conserve bandwidth based on the priority of the traffic type.