
The Network administrator will implement signatures that detect both specific attacks on public service servers and traffic types (protocols) that should not be seen on the segments containing FTP servers.


Overview

Finding ID: V-18509
Version: NET-IDPS-007
Rule ID: SV-20044r1_rule
IA Controls: ECSC-1
Severity: Medium

Description
In the Regional Enterprise Enclave, different sets of sensors will see different traffic as a result of their location within the regional enclave. By establishing separate signature profiles for each set of sensors, each profile can then be tuned to generate alarms based on the traffic types seen, the attack signatures, and the specific traffic (string signatures) that is relevant to that particular set of sensors. If more than one set of sensors will see the same traffic types, then the same signature profile may be used for both sets. Alerting on specific connection signatures, general attack signatures, and specific string signatures provides focused segment analysis at Layers 4 through 7. Network segments containing FTP servers should have sensors installed that monitor, inspect, and log all recognized FTP commands, as well as unrecognized FTP commands.

STIG: IDS/IPS Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-21245r1_chk)
Signatures are usually defined for each FTP command. Verify all FTP commands are being monitored by the IDPS.
Fix Text (F-19100r1_fix)
Add all signatures for FTP commands to the IDPS that monitors file servers.
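
One way to carry out the check above against an exported ruleset, as an added example that is not part of the STIG: it lists the RFC 959 commands that have no enabled signature on port 21 and labels control-channel lines as recognized or unrecognized. The Snort-style rule syntax, the $FTP_SERVERS variable, the sample rules and the function names are assumptions made for illustration.

```python
import re

# FTP control-channel verbs defined in RFC 959, section 4.1.
RFC959_COMMANDS = frozenset("""
USER PASS ACCT CWD CDUP SMNT REIN QUIT PORT PASV TYPE STRU MODE
RETR STOR STOU APPE ALLO REST RNFR RNTO ABOR DELE RMD MKD PWD
LIST NLST SITE SYST STAT HELP NOOP
""".split())

# Constructed sample ruleset in Snort-style syntax (not from the STIG).
SAMPLE_RULES = '''
alert tcp any any -> $FTP_SERVERS 21 (msg:"FTP USER"; content:"USER "; nocase; sid:1000001;)
alert tcp any any -> $FTP_SERVERS 21 (msg:"FTP PASS"; content:"PASS "; nocase; sid:1000002;)
alert tcp any any -> $FTP_SERVERS 21 (msg:"FTP SITE"; content:"SITE "; nocase; sid:1000003;)
# alert tcp any any -> $FTP_SERVERS 21 (msg:"FTP DELE"; content:"DELE "; sid:1000004;)
alert tcp any any -> $HTTP_SERVERS 80 (msg:"web"; content:"STOR "; sid:1000005;)
'''

RULE_RE = re.compile(r'^\s*alert\s+tcp\s+\S+\s+\S+\s+->\s+\S+\s+(\S+)\s+\((.*)\)\s*$')
CONTENT_RE = re.compile(r'content:"([A-Za-z]{3,4})\s?"')

def covered_commands(rules_text):
    """Return the RFC 959 verbs matched by enabled rules on port 21."""
    covered = set()
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)          # commented-out rules do not match
        if not m or m.group(1) != "21":
            continue
        for verb in CONTENT_RE.findall(m.group(2)):
            if verb.upper() in RFC959_COMMANDS:
                covered.add(verb.upper())
    return covered

def missing_signatures(rules_text):
    """Verbs with no enabled signature: the gap the check text asks about."""
    return sorted(RFC959_COMMANDS - covered_commands(rules_text))

def classify(control_line):
    """Label one control-channel line so unrecognized verbs are logged too."""
    verb = control_line.strip().split(" ", 1)[0].upper()
    kind = "recognized" if verb in RFC959_COMMANDS else "unrecognized"
    return kind, verb

if __name__ == "__main__":
    print("missing:", missing_signatures(SAMPLE_RULES))
    for line in ("RETR report.txt", "XYZZ probe", "site chmod 644 f"):
        print(classify(line))
```

The command list covers RFC 959 only, so extension verbs such as EPSV and EPRT (RFC 2428) are reported as unrecognized until they are added to the set for servers that support them.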