
The IDPS must route all management traffic through a dedicated management interface.


Overview

Finding ID: V-34713
Version: SRG-NET-000198-IDPS-00145
Rule ID: SV-45606r1_rule
IA Controls:
Severity: Medium
Description
Although the IDPS is not responsible for routing all network management traffic to the management network, it must route all outgoing communications through the OOBM interface. If management traffic is allowed onto the user network segments, privileged information may be intercepted by non-privileged users, which could lead to the compromise of network devices. IDPS sensors are installed in stealth mode with one interface installed on the management network. This interface is used for communications with the management console and other network elements. The management console is installed on the management network. If in-band management is required because of mission requirements, a dedicated IP address for the remote management client, as well as traffic encryption, is required.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text ( C-42972r1_chk )
Verify the OOBM interface for all sensors is configured with an IP address from the address space belonging to the OOBM network.
After determining which interface is connected to the OOBM access switch, review the managed device configuration.
Verify the interface has been assigned an address from the local management address block.

If management traffic is not directed through a dedicated management interface for purposes of access control and auditing, this is a finding.
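An added example, not part of this STIG or the viewer, that automates the check above: given each sensor's management-interface address (constructed sample values) and the OOBM address block (an assumed value), it reports which sensors would be a finding because their management interface is unassigned, unparseable, or addressed outside the OOBM block.

```python
import ipaddress

# Assumed OOBM management address block (not from the STIG; placeholder value).
OOBM_NETWORK = "10.200.1.0/24"

# Constructed sample sensor inventory: interface name and assigned address.
SENSORS = {
    "sensor-01": {"mgmt_if": "eth0", "mgmt_ip": "10.200.1.15/24"},   # in OOBM block
    "sensor-02": {"mgmt_if": "eth0", "mgmt_ip": "192.168.50.7/24"},  # user segment
    "sensor-03": {"mgmt_if": "eth0", "mgmt_ip": None},               # unassigned
}


def check_oobm_interface(mgmt_ip, oobm_network):
    """Return (compliant, reason) for one sensor's management interface.

    mgmt_ip is an 'address/prefix' string or None; oobm_network is the
    management address block as a string. Any condition that would make the
    STIG check a finding returns compliant=False with a reason.
    """
    net = ipaddress.ip_network(str(oobm_network), strict=False)
    if mgmt_ip is None:
        return False, "no address assigned to management interface"
    try:
        iface = ipaddress.ip_interface(mgmt_ip)
    except ValueError:
        return False, f"unparseable address {mgmt_ip!r}"
    # Membership test is False for an address outside the block or of the
    # wrong IP version, so both cases are reported as findings.
    if iface.ip not in net:
        return False, f"{iface.ip} is outside OOBM block {net}"
    return True, f"{iface.ip} is within OOBM block {net}"


def audit(sensors, oobm_network):
    """Run the check for every sensor; returns {name: (compliant, reason)}."""
    return {
        name: check_oobm_interface(cfg.get("mgmt_ip"), oobm_network)
        for name, cfg in sensors.items()
    }


if __name__ == "__main__":
    for name, (ok, reason) in audit(SENSORS, OOBM_NETWORK).items():
        status = "PASS" if ok else "FINDING"
        print(f"{name}: {status} - {reason}")
```

The inventory would normally be pulled from each sensor's running configuration rather than hard-coded; only the address-block membership logic is the substance of the check.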
Fix Text (F-39004r1_fix)
Configure the IDPS's OOBM interface with an IP address from the address space belonging to the OOBM network.