The IDPS must monitor and enforce filtering of internal addresses posing a threat to external information systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34719	SRG-NET-000204-IDPS-00149	SV-45613r1_rule		Medium

Description
Monitoring and filtering the outbound traffic adds a layer of protection to the enclave. Unlike an IDS, an IPS can both detect and take action to prevent harmful traffic from leaving the network. Blocking harmful outbound traffic can also prevent the network from being used as the source of an attack. In the case of an IDS only implementation, control must be achieved using another method or network device; however, this requirement must be implemented as part of the IDPS solution.

Description

Monitoring and filtering the outbound traffic adds a layer of protection to the enclave. Unlike an IDS, an IPS can both detect and take action to prevent harmful traffic from leaving the network. Blocking harmful outbound traffic can also prevent the network from being used as the source of an attack. In the case of an IDS only implementation, control must be achieved using another method or network device; however, this requirement must be implemented as part of the IDPS solution.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-42980r1_chk )
Verify rules exist that monitor and block outbound traffic with internal source addresses that are harmful or will pose a threat to external information systems. If rules do not exist to monitor and enforce filtering of internal addresses posing a threat to external information systems, this is a finding.

Fix Text (F-39011r1_fix)
Configure the IPS with rules to enforce filtering of internal addresses posing a threat to external information systems.