
The IDPS must protect the enclave from malware and unexpected traffic by using TCP reset signatures.


Overview

Finding ID: SRG-NET-000244-IDPS-000226
Version: SRG-NET-000244-IDPS-000226
Rule ID: SRG-NET-000244-IDPS-000226_rule
IA Controls: (none listed)
Severity: Medium
Description
By inspecting the conversation flow of inbound and outbound Internet traffic for malware and references to malware, the IDPS can prevent unwanted programs from entering the enclave. When it detects unmanaged instant-messaging or peer-to-peer protocols, or malware carried over IM, the IDPS can stop the transfer by sending each session partner a TCP reset packet whose source and destination addresses are spoofed so that the reset appears to come from the other partner. The reset instructs both sender and receiver to abort the connection. A host only honours a reset that carries the sequence number it expects next, so the sensor must track the state of each session it intends to reset; the technique applies to TCP only and does nothing for UDP-based protocols.
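How the spoofed resets described above are built, as an added example that is not part of the SRG and not any vendor's IDPS code: given one observed segment of a flagged session, it forges the RST aimed at each endpoint, with the addresses, ports and sequence numbers swapped into the other partner's perspective. The addresses, ports, sequence numbers and HTTP payload are constructed for the demonstration, and the packets are only assembled, never sent.

```python
"""Forge the pair of spoofed TCP RST segments an IDPS injects to tear down a
flagged session, given one observed TCP segment of that session.

Added example, not code from the IDPS SRG or any vendor. Standard library
only: it builds raw IPv4/TCP bytes and never transmits them (sending would
need a raw socket and privileges). The sample session below is constructed.
"""
import socket
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def _checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); a header with a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b""):
    """Assemble an IPv4 packet carrying a TCP segment with valid checksums."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 65535, 0, 0) + payload
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", _checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000,
                     64, socket.IPPROTO_TCP, 0, src_ip, dst_ip)
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return ip + tcp


def parse_segment(pkt: bytes) -> dict:
    """Pull out the addressing and sequence state a reset injector needs."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = off_flags & 0x1FF
    data_len = len(tcp) - (off_flags >> 12) * 4
    # SYN and FIN each consume one sequence number, like a byte of data.
    consumed = data_len + bool(flags & TCP_SYN) + bool(flags & TCP_FIN)
    return {"src_ip": pkt[12:16], "dst_ip": pkt[16:20], "sport": sport,
            "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "seq_next": (seq + consumed) & 0xFFFFFFFF}


def checksums_ok(pkt: bytes) -> bool:
    """True if both the IPv4 header and the TCP checksum verify."""
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    return _checksum(pkt[:ihl]) == 0 and _checksum(pseudo + tcp) == 0


def forge_reset_pair(observed: bytes) -> tuple:
    """Return (rst_to_receiver, rst_to_sender) for one observed segment.

    The RST aimed at the segment's receiver impersonates the sender, so its
    sequence number must be exactly what the receiver expects next (observed
    seq plus the data and SYN/FIN it consumed). The RST aimed at the sender
    impersonates the receiver, whose next sequence number is the sender's own
    ACK. A host implementing RFC 5961 answers a RST that is in-window but not
    exact with a challenge ACK instead of resetting, so the injector must
    track session state precisely.
    """
    f = parse_segment(observed)
    to_receiver = build_segment(f["src_ip"], f["dst_ip"], f["sport"], f["dport"],
                                f["seq_next"], 0, TCP_RST)
    to_sender = build_segment(f["dst_ip"], f["src_ip"], f["dport"], f["sport"],
                              f["ack"], 0, TCP_RST)
    return to_receiver, to_sender


# Constructed sample: a client pushing data to a server on an established
# connection; addresses, ports and sequence numbers are arbitrary.
CLIENT_IP, SERVER_IP = socket.inet_aton("10.0.0.5"), socket.inet_aton("203.0.113.7")
SAMPLE_PAYLOAD = b"GET /payload.exe HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_OBSERVED = build_segment(CLIENT_IP, SERVER_IP, 40000, 443,
                                1000, 5000, TCP_PSH | TCP_ACK, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    rst_to_server, rst_to_client = forge_reset_pair(SAMPLE_OBSERVED)
    for name, pkt in (("to server", rst_to_server), ("to client", rst_to_client)):
        f = parse_segment(pkt)
        print(name, socket.inet_ntoa(f["src_ip"]), "->",
              socket.inet_ntoa(f["dst_ip"]), "seq", f["seq"],
              "checksums ok:", checksums_ok(pkt))
```

Run it directly to print both forged packets. The sequence-number detail is what makes a reset signature work or fail in practice: the RST aimed at the server must carry the client's next sequence number, the one aimed at the client must carry the server's next sequence number (the client's ACK), and a host following RFC 5961 answers an in-window but inexact RST with a challenge ACK rather than tearing down the connection. A passive (SPAN or tap) sensor also races the real traffic, so part of a large transfer can be delivered before its reset lands; an inline sensor can drop the flagged packet as well as resetting.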
STIG: IDPS Security Requirements Guide (SRG)
Date: 2012-03-08

Details

Check Text (C-43390_chk)
Identify the signatures or rules that force TCP resets at the perimeter and in front of DMZ server segments when malware or unexpected traffic is detected in the network.

If the IDPS is not configured to use TCP reset signatures when malware or unexpected traffic events are detected, this is a finding.
Fix Text (F-43390_fix)
Configure a rule or install a signature that sends TCP resets when malware or unexpected traffic events are detected.
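What such a rule looks like on an open-source sensor, as an added example that is not part of the SRG: a Suricata rule whose rejectboth action makes the sensor send a spoofed RST to both endpoints of the matching flow in addition to raising the alert. The message text, the file signature matched, the sid and the network variables are placeholders chosen for the illustration and must be replaced with the organisation's own signature content and sid range.

```text
# Added example, not from the SRG. Suricata rule syntax; rejectboth resets
# both session partners, rejectsrc/rejectdst reset only one of them.
# Placeholders: msg, the "MZ" executable-header match, sid 1000001.
rejectboth tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE Windows executable delivered over HTTP, session reset"; flow:established,to_client; file_data; content:"MZ"; depth:2; sid:1000001; rev:1;)
```

Whether the reset action is honoured depends on the sensor being able to transmit on the monitored segment; in a passive deployment the reset packets are injected alongside the real traffic, so verify the configured reset signatures with a test transfer and confirm in the packet capture that both endpoints received a RST, not only that an alert was logged.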