UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Network IDPS administrator will ensure all Network IDPS systems are installed and operational in stealth mode —no ip address on interface with data flow.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18489 NET-IDPS-001 SV-20024r1_rule DCCS-1 Medium
Description
Administrators should ensure that for both passive and inline sensors, IP addresses are not assigned to the network interfaces used to monitor network traffic. Only networks interfaces used for IDPS management should have an IP address assigned. Operating a sensor without IP addresses assigned to its monitoring interfaces is known as operating in stealth mode. Stealth mode improves the security of the IDPS sensors because it prevents other hosts from initiating connections to them. This conceals the sensors from attackers and thus limits their exposure to attacks. If monitoring is being performed using a switch SPAN port, it is recommended that the IDPS is configured in Stealth Mode; the NIC connected to the SPAN port would not have any network protocol stacks bound to it. A second NIC would then be connected to an OOB network. Stealth mode will reduce the risk of the IDPS itself being attacked.
STIG Date
IDS/IPS Security Technical Implementation Guide 2013-10-08

Details

Check Text ( C-21120r1_chk )
Review the configuration and ensure the interfaces with data flow do not have an IP address.
Fix Text (F-19081r1_fix)
Remove the IP addresses from all interfaces monitoring data flow.