UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Network administrator will implement signatures that detect specific attacks and protocols that should not be seen on the segments containing web servers.


Overview

Finding ID Version Rule ID IA Controls Severity
V-18508 NET-IDPS-006 SV-20043r1_rule Medium
Description
In the Regional Enterprise Enclave different sets of sensors will see different traffic as a result of their location within the regional enclave. By establishing separate signature profiles for each set of sensors, each profile can then be tuned to generate alarms based on the traffic types seen, the attack signatures, and the specific traffic (string signatures) that is relevant to that particular set of sensors. If more than one set of sensors will see the same traffic types, then the same signature profile may be used for both sets. Alerting on specific connection signatures, general attack signatures, and specific string signatures provides focused segment analysis at Layers 4 through 7. The IDPS system administrator will ensure the sensor monitoring the web servers is configured for application inspection and control of all web ports e.g. 80, 3128, 8000, 8010, 8080, 8888, 24326, etc. The sensor monitoring the web servers should be capable of inspecting web traffic that is not received on web ports; known as port redirection. In many implementations this is a separate signature that needs to be enabled.
STIG Date
IDS/IPS Security Technical Implementation Guide 2013-10-08

Details

Check Text ( C-21209r1_chk )
Have the IDPS SA display the configuration settings. Verify all http ports are defined and have the SA identify the signatures that will review applications using port redirection.

Review and tune as necessary the signatures that are specific to vulnerabilities in Web servers.
Fix Text (F-19099r1_fix)
Configure the IDPS to protect the Web components.