Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34719 | SRG-NET-000204-IDPS-00149 | SV-45613r1_rule | Medium |
Description |
---|
Monitoring and filtering the outbound traffic adds a layer of protection to the enclave. Unlike an IDS, an IPS can both detect and take action to prevent harmful traffic from leaving the network. Blocking harmful outbound traffic can also prevent the network from being used as the source of an attack. In the case of an IDS only implementation, control must be achieved using another method or network device; however, this requirement must be implemented as part of the IDPS solution. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text ( C-42980r1_chk ) |
---|
Verify rules exist that monitor and block outbound traffic with internal source addresses that are harmful or will pose a threat to external information systems. If rules do not exist to monitor and enforce filtering of internal addresses posing a threat to external information systems, this is a finding. |
Fix Text (F-39011r1_fix) |
---|
Configure the IPS with rules to enforce filtering of internal addresses posing a threat to external information systems. |