The IDPS must allow authorized system administrators to associate security attributes with information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34526	SRG-NET-000060-IDPS-00054	SV-45368r1_rule		High

Description
System administrators of the IDPS can reconfigure the rules and redirect traffic. If an unauthorized user gains access and then modifies the configuration, this could adversely impact the operation and availability of the entire network and all users. Malicious configuration changes may cause the sensors to miss critical attacks. If unauthorized individuals have permission to change security attribute-information associations, these individuals may compromise information flow and access control attributes, thus adversely impacting network availability or gaining unauthorized access to the information.

Description

System administrators of the IDPS can reconfigure the rules and redirect traffic. If an unauthorized user gains access and then modifies the configuration, this could adversely impact the operation and availability of the entire network and all users. Malicious configuration changes may cause the sensors to miss critical attacks. If unauthorized individuals have permission to change security attribute-information associations, these individuals may compromise information flow and access control attributes, thus adversely impacting network availability or gaining unauthorized access to the information.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42717r1_chk )
Obtain a list of authorized IDPS administrators. Ask the site representative if all system administrators have the same access privileges. Review the user groups in the user account management function. Verify only authorized IDPS administrators have privileges to change attribute-information associations for users, sensors, and system files. Verify root access is limited to authorized system administrators only. If the IDPS does not allow authorized system administrators to associate security attributes with information, this is a finding.

Check Text ( C-42717r1_chk )

Obtain a list of authorized IDPS administrators.
Ask the site representative if all system administrators have the same access privileges.
Review the user groups in the user account management function.
Verify only authorized IDPS administrators have privileges to change attribute-information associations for users, sensors, and system files.
Verify root access is limited to authorized system administrators only.

If the IDPS does not allow authorized system administrators to associate security attributes with information, this is a finding.

Fix Text (F-38765r1_fix)
Configure rights and permissions for system administrators, so only authorized IDPS administrators can change security attributes-information associations. Limit system administrators not authorized to change security attributes (e.g., session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification) to just the access needed to perform their duties.

Fix Text (F-38765r1_fix)

Configure rights and permissions for system administrators, so only authorized IDPS administrators can change security attributes-information associations.
Limit system administrators not authorized to change security attributes (e.g., session of packet identifiers; source and destination IP addresses; protocol identifiers; traffic classification based on QoS markings for preferred treatment; or VLAN identification) to just the access needed to perform their duties.