
The Network IDPS administrator will ensure the IDPS is protecting the enclave from malware and unexpected traffic by using TCP Reset signatures.


Overview

Finding ID: V-19246
Version: NET-IDPS-011
Rule ID: SV-21157r1_rule
IA Controls: EBBD-1
Severity: Medium
Description
By listening to the conversation flow of inbound and outbound internet traffic for malware and malware references, the IDPS can prevent unwanted programs from entering the enclave. When it detects unmanaged instant messaging and peer-to-peer protocols, or malware coming over IM, the IDPS can prevent the unwanted computer programs from entering the network by spoofing the source and destination machine addresses to send each session partner a TCP Reset packet. The TCP Reset instructs both sender and receiver to cease the current transfer of data.
STIG: IDS/IPS Security Technical Implementation Guide
Date: 2013-10-08

Details

Check Text (C-23276r1_chk)
Have the SA identify the signature and policy established that forges TCP Resets at the perimeter and in front of DMZ server segments when malware and unexpected traffic is identified in the network.

If an IPS is not in place to provide this safeguard, verify there is a firewall at the described locations providing the safeguard.
Fix Text (F-19908r1_fix)
Implement TCP Reset protections to protect the enclave from malware and other unexpected network traffic.
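The Description above says the IDPS spoofs both session partners and sends each a TCP Reset. The following Python is an added example, not text from the STIG or any vendor's IDPS code: it derives the two reset segments from one observed data segment, serialises a reset header, and classifies how a host following RFC 5961 treats an incoming RST (exact-match accept, in-window challenge ACK, out-of-window drop). That RFC 5961 behaviour is an assumption about the end hosts; the function and type names, addresses, ports and sequence numbers are all constructed for the illustration.

```python
"""Added example, not part of the STIG text.

Shows how an inline IDPS derives the two spoofed TCP Reset segments the
Description refers to (one toward each session partner) and why each
reset must carry the sequence number the receiving host expects next.
All addresses, ports and sequence numbers below are constructed.
"""
import struct
from dataclasses import dataclass

TCP_ACK = 0x10
TCP_PSH = 0x08
TCP_RST = 0x04
SEQ_MOD = 1 << 32


@dataclass(frozen=True)
class Segment:
    """The TCP fields an IDPS needs from one observed segment."""
    src: str          # IPv4 address of the host that sent this segment
    dst: str
    sport: int
    dport: int
    seq: int          # sequence number of the first payload byte
    ack: int          # next byte the sender expects from its peer
    flags: int
    payload_len: int = 0


def build_reset_pair(observed: Segment) -> tuple[Segment, Segment]:
    """Return (reset_to_receiver, reset_to_sender) for one observed segment.

    The reset aimed at the receiver spoofs the sender's address/port and
    uses observed.seq + payload_len, which is the receiver's RCV.NXT once it
    has consumed this segment.  The reset aimed at the sender spoofs the
    receiver and uses observed.ack, which is the sender's RCV.NXT.
    """
    sender_next = (observed.seq + observed.payload_len) % SEQ_MOD
    to_receiver = Segment(observed.src, observed.dst, observed.sport,
                          observed.dport, sender_next, observed.ack,
                          TCP_RST | TCP_ACK)
    to_sender = Segment(observed.dst, observed.src, observed.dport,
                        observed.sport, observed.ack, sender_next,
                        TCP_RST | TCP_ACK)
    return to_receiver, to_sender


def reset_disposition(rcv_nxt: int, rst_seq: int, rcv_wnd: int) -> str:
    """How a host following RFC 5961 treats an incoming RST (assumed model).

    Exactly RCV.NXT: the connection is torn down ("accept").
    Elsewhere inside the receive window: the host sends a challenge ACK
    and keeps the connection ("challenge-ack").
    Outside the window: silently dropped ("drop").
    Arithmetic is modulo 2**32 so sequence-number wrap is handled.
    """
    offset = (rst_seq - rcv_nxt) % SEQ_MOD
    if offset == 0:
        return "accept"
    if offset < rcv_wnd:
        return "challenge-ack"
    return "drop"


def encode_tcp_header(seg: Segment, window: int = 0) -> bytes:
    """Serialise the 20-byte TCP header for a reset (no options).

    Checksum is left at zero here; a real IDPS fills it over the IPv4
    pseudo-header before transmission.
    """
    data_offset = 5 << 4                       # 5 x 32-bit words, no options
    return struct.pack("!HHIIBBHHH", seg.sport, seg.dport, seg.seq, seg.ack,
                       data_offset, seg.flags, window, 0, 0)


if __name__ == "__main__":
    # Constructed flow: an internal host talking to a peer-to-peer port.
    seen = Segment("10.0.0.5", "203.0.113.7", 51234, 6881,
                   seq=1000, ack=5000, flags=TCP_PSH | TCP_ACK, payload_len=200)
    to_rcv, to_snd = build_reset_pair(seen)
    print("reset toward receiver:", to_rcv)
    print("reset toward sender:  ", to_snd)
    print("receiver disposition:", reset_disposition(1200, to_rcv.seq, 65535))
    print("stale reset:         ", reset_disposition(1200, 1000, 65535))
```

The practical point for the check in C-23276r1_chk is the third function: a reset signature only protects the enclave if the sensor can see the live sequence numbers of the flow it is resetting, so a sensor placed where it sees only one direction of traffic, or one that fires on a stale segment, produces resets the end hosts ignore. The Fix Text's "TCP Reset protections" therefore presuppose that the IDPS (or the fallback firewall) is positioned to observe both directions at the perimeter and in front of the DMZ server segments.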