
The IDPS must monitor and control traffic at both the external and internal boundary interfaces.


Overview

Finding ID: V-34720
Version: SRG-NET-000205-IDPS-00150
Rule ID: SV-45614r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Monitoring and controlling both inbound and outbound network traffic adds a layer of protection to the enclave. Unlike an IDS, an IPS can both detect and take action to prevent harmful traffic from leaving the network. Blocking harmful inbound and outbound traffic can also prevent the network from being used as the source of an attack. In IDS-only implementations, control must be achieved using another method or network device; however, this requirement must be implemented as part of the IDPS solution.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-42981r1_chk)
Verify one or more sensors are configured to monitor traffic from both internal and external interfaces.
Verify rules exist to detect harmful traffic on both the external and internal boundary interfaces.

If rules do not exist to monitor and control traffic at both the external and internal boundary interfaces, this is a finding.
Fix Text (F-39012r1_fix)
Configure the IDPS with rules to monitor and control traffic at both the external and internal boundary interfaces.