The IDPS must protect against or limit the effects of Denial of Service (DoS) attacks.


Overview

Finding ID: V-34706
Version: SRG-NET-000191-IDPS-00139
Rule ID: SV-45592r1_rule
IA Controls:
Severity: Medium
Description
A DoS attack against the IDPS components can deprive the network of vital intrusion detection and prevention services, leaving the network and devices open to attack. A variety of technologies exist to limit or eliminate the effects of DoS attacks. The IDPS must help monitor for and filter certain types of packets to protect information system components on internal organizational networks from DoS attacks. Using multiple sensors and load balancers, increasing sensor log capacity, and providing service redundancy may also reduce the IDPS's susceptibility to DoS attacks.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42950r1_chk)
Review the IDPS to determine if it is configured to protect against and limit the effects of DoS attacks.

If the IDPS is not configured to limit DoS attacks, this is a finding.
Fix Text (F-38990r1_fix)
Configure the IDPS to protect against or limit the effects of DoS attacks.