
The IDPS must implement signatures that detect specific attacks and protocols that should not be seen on the segments containing web servers.


Overview

Finding ID: SRG-NET-000237-IDPS-000194
Version: SRG-NET-000237-IDPS-000194
Rule ID: SRG-NET-000237-IDPS-000194_rule
IA Controls: (none listed)
Severity: Medium
Description
In the Regional Enterprise Enclave, different sets of sensors will see different traffic as a result of their location within the regional enclave. By establishing separate signature profiles for each set of sensors, each profile can then be tuned to generate alarms based on the traffic types seen, the attack signatures, and the specific traffic (string signatures) relevant to each sensor group. If more than one sensor group sees the same traffic types, then the same signature profile may be used for both sets. Alerting on specific connection signatures, general attack signatures, and specific string signatures provides focused segment analysis at Layers 4. The sensor monitoring the web server will be configured for application inspection and control of all web ports (e.g., 80, 3128, 8000, 8010, 8080, 8888, 24326). The sensor monitoring the web servers must also monitor and control web traffic not received on web ports. This process is called port redirection. In many implementations, port redirection is a separate signature to be installed.
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43347_chk)
Verify all network segments with web servers installed are monitored by one or more sensors. Verify signatures are installed for application inspection and control of all web ports. Verify signatures are installed to monitor and analyze application traffic that uses port redirection.

If the IDPS sensor is not configured to perform application inspection and control of all web ports, this is a finding.
Fix Text (F-43347_fix)
Install one or more sensors to monitor all network segments with web servers installed. Verify signatures are installed for application inspection and control of all web ports. Install signatures to monitor and analyze application traffic that uses port redirection.
Review and tune all signatures that are specifically tailored to detect vulnerabilities in web servers.
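
The following is an added example, not part of the SRG or of any vendor's signature set. It sketches the two checks the description asks of the web-server sensor profile: HTTP arriving on a port outside the web-port list (port redirection) and non-HTTP traffic arriving on a web port. It assumes plaintext HTTP/1.x and flow records that carry the first client payload; the record fields, alert names and addresses are constructed for illustration.

```python
import re

# Web ports named in the description; a real profile lists the site's own.
WEB_PORTS = {80, 3128, 8000, 8010, 8080, 8888, 24326}

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def classify(dst_port, payload):
    """Return an alert name for one client-to-server flow, or None."""
    if not payload:
        return None  # no application data yet, nothing to inspect
    is_http = HTTP_REQUEST.match(payload) is not None
    if is_http and dst_port not in WEB_PORTS:
        return "HTTP_ON_NON_WEB_PORT"   # web traffic not received on a web port
    if not is_http and dst_port in WEB_PORTS:
        return "NON_HTTP_ON_WEB_PORT"   # protocol that should not be seen here
    return None


def audit(flows, web_servers):
    """Return (flow id, alert) pairs for flows sent to the web-server segment."""
    alerts = []
    for flow in flows:
        if flow["dst_ip"] not in web_servers:
            continue  # belongs to another sensor group's signature profile
        alert = classify(flow["dst_port"], flow["payload"])
        if alert:
            alerts.append((flow["id"], alert))
    return alerts


# Constructed sample data (documentation addresses, not captured traffic).
WEB_SERVERS = {"192.0.2.10", "192.0.2.11"}
SAMPLE_FLOWS = [
    {"id": 1, "dst_ip": "192.0.2.10", "dst_port": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"},
    {"id": 2, "dst_ip": "192.0.2.10", "dst_port": 4444, "payload": b"POST /upload HTTP/1.1\r\nHost: www.example.test\r\n\r\n"},
    {"id": 3, "dst_ip": "192.0.2.11", "dst_port": 8080, "payload": b"SSH-2.0-example\r\n"},
    {"id": 4, "dst_ip": "192.0.2.11", "dst_port": 22, "payload": b"SSH-2.0-example\r\n"},
    {"id": 5, "dst_ip": "198.51.100.7", "dst_port": 9999, "payload": b"GET / HTTP/1.1\r\n\r\n"},
]

if __name__ == "__main__":
    for flow_id, alert in audit(SAMPLE_FLOWS, WEB_SERVERS):
        print(flow_id, alert)
```

Flow 4 is not flagged because these two checks cover only web traffic and web ports; other protocols on the segment need their own signatures in the profile.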