UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The IDPS must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of DoS attacks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-34708 SRG-NET-000193-IDPS-00141 SV-45594r1_rule Medium
Description
Managing excess capacity ensures that sufficient capacity is available to counter flooding attacks. Managing excess capacity may include establishing selected usage priorities, quotas, or partitioning. The device must be configured to contain and limit a DoS attack’s effect on the device’s resource utilization.
STIG Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide 2012-11-19

Details

Check Text ( C-42953r1_chk )
Review the IDPS documentation and configuration to determine if excess capacity and bandwidth are managed, and if redundancy is built into the system to limit the effects of information flooding types of DoS attacks on IDPS components themselves.

If excess capacity and bandwidth are not managed, or redundancy is not built into the architecture, this is a finding.
Fix Text (F-38992r1_fix)
Configure the IDPS to manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of DoS attacks.