The IDPS must employ automated mechanisms to prevent program execution in accordance with organizationally defined specifications.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34627 | SRG-NET-000133-IDPS-00099 | SV-45502r1_rule | Medium |
| Description |
|---|
| A compromised IDPS introduces risk to the entire network infrastructure as well as data resources accessible via the network. The perimeter defense has no oversight or control of attacks by malicious users within the network. Prevention of network breaches from within the network requires a comprehensive defense-in-depth strategy, including security all devices connecting to the network. This is accomplished by following and implementing all security guidance applicable for each node type. A fundamental step in securing each IDPS is to only enable the services required for operation. Any form of automatic execution should be disabled as it can easily be exploited by hackers to infect hosts with malware and viruses. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42851r1_chk ) |
|---|
| Verify anti-malware software is installed on the sensors. If anti-malware software is not installed and configured to protect each sensor, this is a finding. |
| Fix Text (F-38899r1_fix) |
|---|
| Install and configure an anti-malware solution on the sensors (e.g., HIDS, anti-virus, and/or whitelisting). |