UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Network IDPS administrator will ensure the IDPS is protecting the enclave from malware and unexpected traffic by using TCP Reset signatures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19246 NET-IDPS-011 SV-21157r1_rule EBBD-1 Medium
Description
By listening to the conversation flow of inbound and outbound internet traffic for malware and malware references, the IDPS can prevent unwanted programs entering into the enclave. When it detects unmanaged instant messaging and peer-to-peer protocols or malware coming over IM , the IDPS can prevent the unwanted computer programs from entering the network by spoofing the source and destination machine addresses to send each session partner a TCP Reset packet. The TCP Reset instructs both sender and receiver to cease the current transfer of data.
STIG Date
IDS/IPS Security Technical Implementation Guide 2013-10-08

Details

Check Text ( C-23276r1_chk )
Have the SA identify the signature and policy established that forges TCP Resets at the perimeter and in front of DMZ server segments when malware and unexpected traffic is identified in the network.

If an IPS is not in place to provide this safeguard, verify there is a firewall at the described locations providing the safeguard.
Fix Text (F-19908r1_fix)
Implement TCP Reset protections to protect the enclave from malware and other unexpected network traffic.