Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
SRG-NET-000244-IDPS-000226 | SRG-NET-000244-IDPS-000226 | SRG-NET-000244-IDPS-000226_rule | | Medium |
Description |
---|
By listening to the conversation flow of inbound and outbound internet traffic for malware and malware references, the IDPS can prevent unwanted programs from entering the enclave. When it detects unmanaged instant messaging (IM) and peer-to-peer protocols, or malware coming over IM, the IDPS can keep the unwanted programs out of the network by spoofing the source and destination machine addresses to send each session partner a TCP reset packet. The TCP reset instructs both sender and receiver to cease the current transfer of data. |
STIG | Date |
---|---|
IDPS Security Requirements Guide (SRG) | 2012-03-08 |
Check Text ( C-43390_chk ) |
---|
Identify the signatures or rules that force TCP resets at the perimeter and in front of DMZ server segments when malware and unexpected traffic are identified in the network. If the IDPS is not configured to use TCP reset signatures when malware or unexpected traffic events are detected, this is a finding. |
Fix Text (F-43390_fix) |
---|
Configure a rule or install a signature that uses TCP resets when malware or unexpected traffic events are detected. |
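
One way to automate the check above, as an added example that is not part of the SRG: the script lists enabled rules whose action resets TCP sessions and reports a finding when there are none. It assumes Suricata rule syntax (the SRG names no product), where `reject`, `rejectsrc`, `rejectdst` and `rejectboth` answer a TCP match with a reset; the function names and sample rules are constructed for illustration.

```python
import re

# Suricata actions that reject a matching flow. On TCP this sends a reset (RST);
# on non-TCP traffic Suricata sends an ICMP error instead, so those rules do not count.
RESET_ACTIONS = {"reject", "rejectsrc", "rejectdst", "rejectboth"}
NON_TCP_PROTOS = {"udp", "icmp", "icmpv6"}
RULE_RE = re.compile(r"^(?P<action>\w+)\s+(?P<proto>[\w-]+)\s+[^(]*\((?P<opts>.*)\)\s*$")

# Constructed sample rule file (not taken from any real rule set).
SAMPLE_RULES = r'''
# perimeter sensor, constructed example
alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE unmanaged IM session"; content:"EXAMPLE-IM"; sid:1000001; rev:1;)
rejectboth tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"SAMPLE P2P handshake"; content:"EXAMPLE-P2P"; sid:1000002; rev:1;)
# reject tcp any any -> $HOME_NET any (msg:"SAMPLE disabled rule"; sid:1000003; rev:1;)
reject udp any any -> $HOME_NET any (msg:"SAMPLE UDP reject"; sid:1000004; rev:1;)
'''

def parse_rules(text):
    """Return enabled rules as dicts; commented-out (disabled) rules are skipped."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join backslash-continued rules
        line = line.strip()
        match = RULE_RE.match(line) if line and not line.startswith("#") else None
        if not match:
            continue
        sid = re.search(r"\bsid\s*:\s*(\d+)", match["opts"])
        msg = re.search(r'\bmsg\s*:\s*"([^"]*)"', match["opts"])
        rules.append({"action": match["action"].lower(), "proto": match["proto"].lower(),
                      "sid": int(sid.group(1)) if sid else None,
                      "msg": msg.group(1) if msg else ""})
    return rules

def audit_tcp_reset(text):
    """Apply the check: no enabled rule that resets TCP sessions means a finding."""
    rules = parse_rules(text)
    reset = [r for r in rules
             if r["action"] in RESET_ACTIONS and r["proto"] not in NON_TCP_PROTOS]
    detect_only = [r for r in rules if r["action"] == "alert"]
    return {"finding": not reset,
            "reset_sids": [r["sid"] for r in reset],
            "detect_only_sids": [r["sid"] for r in detect_only]}

if __name__ == "__main__":
    print(audit_tcp_reset(SAMPLE_RULES))
```

The `detect_only_sids` list gives the reviewer the rules that detect traffic but only alert, which are the candidates for the fix.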