
The Network IDPS administrator will ensure all Network IDPS systems are installed and operational in stealth mode (no IP address on any interface with data flow).


Overview

Finding ID: V-18489
Version: NET-IDPS-001
Rule ID: SV-20024r1_rule
IA Controls: DCCS-1
Severity: Medium
Description
Administrators should ensure that for both passive and inline sensors, IP addresses are not assigned to the network interfaces used to monitor network traffic. Only network interfaces used for IDPS management should have an IP address assigned. Operating a sensor without IP addresses assigned to its monitoring interfaces is known as operating in stealth mode. Stealth mode improves the security of the IDPS sensors because it prevents other hosts from initiating connections to them. This conceals the sensors from attackers and thus limits their exposure to attacks. If monitoring is being performed using a switch SPAN port, it is recommended that the IDPS is configured in stealth mode: the NIC connected to the SPAN port would not have any network protocol stacks bound to it. A second NIC would then be connected to an out-of-band (OOB) management network. Stealth mode reduces the risk of the IDPS itself being attacked.
STIG: IDS/IPS Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-21120r1_chk)
Review the configuration and ensure the interfaces with data flow do not have an IP address.
Fix Text (F-19081r1_fix)
Remove the IP addresses from all interfaces monitoring data flow.
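The following POSIX shell script is an added example, not part of the STIG itself, showing how a Linux-based sensor could be checked against this rule with iproute2. It parses the single-line output format of `ip -o addr show`, reports any monitoring interface that still carries an IPv4 or IPv6 address, and emits the corresponding fix commands. The interface names (eth0 as management, eth1 and eth2 as monitoring) and the `ip -o addr show` output are constructed for the example; the script does not use the IPv6 link-local address on eth1 as anything other than an illustration that stealth mode also requires disabling IPv6 autoconfiguration on the monitoring NICs.

```shell
#!/bin/sh
# Constructed sample of `ip -o addr show` output (fields: index, ifname, family, address ...).
# eth0 is the management NIC (address expected); eth1 and eth2 are monitoring NICs.
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
3: eth1    inet6 fe80::a00:27ff:fe11:2233/64 scope link
4: eth2    inet 192.0.2.10/24 scope global eth2'

# Names of the interfaces that carry monitored traffic (assumed for the example).
MONITOR_IFACES="eth1 eth2"

# Print, space-separated, those interfaces in $2 that have any inet/inet6 address
# in the `ip -o addr show` text given in $1. Empty output means the check passes.
find_addressed_monitor_ifaces() {
    ipout=$1
    found=""
    for ifname in $2; do
        if printf '%s\n' "$ipout" | awk -v n="$ifname" \
            '$2 == n && ($3 == "inet" || $3 == "inet6") { hit = 1 } END { exit !hit }'; then
            found="$found $ifname"
        fi
    done
    printf '%s' "${found# }"
}

# Print the iproute2/sysctl commands that put one interface into stealth mode:
# flush every address, stop the kernel from re-adding an IPv6 link-local address,
# and keep the link up in promiscuous mode so the sensor still sees all frames.
fix_commands_for() {
    printf 'ip addr flush dev %s\n' "$1"
    printf 'sysctl -w net.ipv6.conf.%s.disable_ipv6=1\n' "$1"
    printf 'ip link set dev %s up promisc on\n' "$1"
}

# Run the check against live data when executed directly; the sample is used here
# so the script works offline. Replace SAMPLE_IP_OUTPUT with "$(ip -o addr show)".
check_sensor() {
    offenders=$(find_addressed_monitor_ifaces "$1" "$2")
    if [ -z "$offenders" ]; then
        echo "PASS: no monitoring interface has an IP address"
        return 0
    fi
    echo "FINDING: monitoring interface(s) with an address: $offenders"
    for i in $offenders; do
        fix_commands_for "$i"
    done
    return 1
}

check_sensor "$SAMPLE_IP_OUTPUT" "$MONITOR_IFACES"
```

With the constructed data the check fails on both eth1 (IPv6 link-local only) and eth2 (IPv4), which is the point of the second fix command: flushing addresses alone is not enough on a Linux host, because the kernel will assign a new link-local IPv6 address as soon as the link comes up unless IPv6 is disabled on that interface.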