
The Network IDPS administrator will tune the sensor to alarm if unexpected protocols for network management enter the subnet.


Overview

Finding ID: V-18512
Version: NET-IDPS-009
Rule ID: SV-20047r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
The management network must detect all attacks on the management hosts. A wide range of traffic is permitted on the management network. Some of the following traffic is allowed on the Management Hosts Segment:

Trivial File Transfer Protocol (TFTP [UDP 69])—For network device configuration files from devices on the Managed Devices Segment
FTP-Data (TCP 20)—For file transfers to network devices on the Managed Devices Segment and for Internet downloads
FTP-Control (TCP 21)—For file transfers to network devices on the Managed Devices Segment and for Internet downloads
Syslog (UDP 514)—From network devices on the Managed Devices Segment
Telnet (TCP 23)—To network devices on the Managed Devices Segment
SSH (TCP 22)—To network devices on the Managed Devices Segment
Network Time Protocol (NTP [UDP 123])—To synchronize the clocks of all network devices on the Managed Devices Segment
HTTP (TCP 80)—To the Internet and from hosts on other segments to download the host-based IPS agent software
HTTPS (TCP 443)—To network devices on the Managed Devices Segment and the Internet as well as between the host-based IPS Console and its agents
TACACS+ (TCP 49)—For administrator authentication to devices on the Managed Devices Segment
RADIUS (UDP 1812/1813 authentication/accounting)—For authentication of administrator remote-access VPN connections coming from the Remote Administration Segment
ICMP (IP Protocol 1)—Echo request and response to reach network devices on the Managed Devices Segment and the Internet
DNS (UDP 53)—For name translation services for management hosts as they access services on the Internet
Simple Network Management Protocol (SNMP [UDP 161])—To query information from network devices on the Managed Devices Segment
SNMP-Trap (UDP 162)—To receive trap information from network devices on the Managed Devices Segment
STIG: IDS/IPS Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-21280r1_chk)
Review the IDPS configuration and ensure the device is protecting the Network Management subnet. Protocols going to the Management network should be known by the SA. Alarms should be generated for unexpected traffic types.
Fix Text (F-19106r1_fix)
Implement or modify the sensor to protect the Management Network. Expected traffic to this network should be known by the SA.
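The description's list of permitted services and the check text's requirement that "alarms should be generated for unexpected traffic types" amount to an allowlist: anything entering the Management Hosts Segment that is not one of the expected (IP protocol, destination port) pairs should raise an alarm. The following is an added example, not STIG text and not the configuration syntax of any vendor's sensor; it expresses that allowlist in Python so the matching logic can be checked on constructed flow records. The segment names, the Flow record shape and the sample flows are assumptions; a real IDPS would encode the same policy as signatures or a protocol-anomaly policy bound to the management subnet.

```python
"""Allowlist check for traffic entering a network-management subnet.

Added example, not taken from the STIG or any IDPS product. The allowlist is
transcribed from the rule's description; segment names and the flow records
below are constructed sample data.
"""
from dataclasses import dataclass
from typing import List, Optional

# IANA IP protocol numbers used by the description.
ICMP, TCP, UDP = 1, 6, 17

# Services the description permits on the Management Hosts Segment,
# keyed by (IP protocol, destination port). ICMP carries no port, so None.
EXPECTED_SERVICES = {
    (UDP, 69): "TFTP",
    (TCP, 20): "FTP-Data",
    (TCP, 21): "FTP-Control",
    (UDP, 514): "Syslog",
    (TCP, 23): "Telnet",
    (TCP, 22): "SSH",
    (UDP, 123): "NTP",
    (TCP, 80): "HTTP",
    (TCP, 443): "HTTPS",
    (TCP, 49): "TACACS+",
    (UDP, 1812): "RADIUS-Auth",
    (UDP, 1813): "RADIUS-Acct",
    (ICMP, None): "ICMP",
    (UDP, 53): "DNS",
    (UDP, 161): "SNMP",
    (UDP, 162): "SNMP-Trap",
}

MANAGEMENT_SEGMENT = "mgmt-hosts"  # assumed name of the protected subnet


@dataclass(frozen=True)
class Flow:
    """One observed flow (assumed record shape; dst_port is None for ICMP)."""
    src_segment: str
    dst_segment: str
    ip_proto: int
    dst_port: Optional[int]


def classify(flow: Flow) -> Optional[str]:
    """Return an alarm string for a flow entering the management segment that
    matches no expected service; return None for expected or out-of-scope flows."""
    if flow.dst_segment != MANAGEMENT_SEGMENT:
        return None  # the rule only concerns traffic entering this subnet
    # ICMP has no ports; normalise so a stray "port" value cannot bypass the lookup.
    port = None if flow.ip_proto == ICMP else flow.dst_port
    if (flow.ip_proto, port) in EXPECTED_SERVICES:
        return None
    return (f"ALARM unexpected protocol into {MANAGEMENT_SEGMENT}: "
            f"proto={flow.ip_proto} dport={flow.dst_port} from {flow.src_segment}")


def scan(flows: List[Flow]) -> List[str]:
    """Run classify() over a batch of flows and collect the alarms."""
    return [alarm for alarm in map(classify, flows) if alarm]


# Constructed sample flows. Note the syslog-over-TCP case: right port number,
# wrong transport, so it is NOT in the allowlist and must alarm.
SAMPLE_FLOWS = [
    Flow("managed-devices", "mgmt-hosts", UDP, 514),   # syslog, expected
    Flow("managed-devices", "mgmt-hosts", TCP, 514),   # syslog over TCP, alarm
    Flow("remote-admin", "mgmt-hosts", UDP, 1812),     # RADIUS auth, expected
    Flow("internet", "mgmt-hosts", TCP, 3389),         # not listed, alarm
    Flow("managed-devices", "mgmt-hosts", ICMP, None), # ICMP, expected
    Flow("mgmt-hosts", "internet", TCP, 8080),         # leaving the subnet, out of scope
    Flow("managed-devices", "mgmt-hosts", UDP, 162),   # SNMP trap, expected
]

if __name__ == "__main__":
    for line in scan(SAMPLE_FLOWS):
        print(line)
```

The example deliberately keys the allowlist on the transport protocol as well as the port: the description permits syslog only on UDP 514, so a TCP connection to port 514 is "unexpected traffic" in the rule's sense even though the port number looks familiar. When tuning a real sensor, the SA should confirm that its policy distinguishes the two in the same way rather than matching on port number alone.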