The IDPS must prevent access into the organizations internal networks except as explicitly permitted and controlled by employing boundary protection devices.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-34716 | SRG-NET-000201-IDPS-00148 | SV-45610r1_rule | Medium |
| Description |
|---|
| The enclave’s internal network contains the servers where mission critical data and applications reside. There should never be connection attempts made to these devices from any host outside of the enclave. The initial defense for the internal network is to block any traffic at the perimeter attempting to make a connection to a host residing on the internal network. This requirement is not applicable for IDS only implementations since it is specifically for enforcement. Typically, this function is performed by the network firewall. However, some newer IDPS products are able to perform this function. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Details
| Check Text ( C-42976r1_chk ) |
|---|
| If this is an IDS only implementation, this is not applicable. If this function is performed by another network element, this is not a finding. Inspect the rules installed on the IPS. Verify rules exist to monitor for invalid access into the organization’s internal networks. Verify an enforcement action is taken to deny all access for direct connection to the internal network from outside the enclave. If a rule preventing direct access to the internal network from a source external to the DoD enclave does not exist, this is a finding. |
| Fix Text (F-39008r1_fix) |
|---|
| Implement rules for monitoring and enforcing a denial-by-default of access traffic from outside the enclave with destination addresses directly to the internal network. |