The IDPS must take corrective action when unauthorized mobile code is identified.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34743	SRG-NET-000229-IDPS-00163	SV-45652r1_rule		Medium

Description
Mobile code is a program that can be executed on one or several hosts other than the one they originate from. These programs offer many benefits to the organization; however, decisions regarding the use of mobile code must also include consideration of which types of mobile code are not authorized for use. Malicious mobile code can be used to install malware on a computer. The code can be transmitted through interactive Web applications such as Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. While the IDPS cannot replace the anti-virus and HIDS protection installed on the network's endpoints, vendor or locally created sensor rules can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and rules or blacklist updates are distributed by anti-virus or malicious code solution vendors. When detected, the IDPS must log and drop the traffic containing the mobile code.

Description

Mobile code is a program that can be executed on one or several hosts other than the one they originate from. These programs offer many benefits to the organization; however, decisions regarding the use of mobile code must also include consideration of which types of mobile code are not authorized for use. Malicious mobile code can be used to install malware on a computer. The code can be transmitted through interactive Web applications such as Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. While the IDPS cannot replace the anti-virus and HIDS protection installed on the network's endpoints, vendor or locally created sensor rules can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and rules or blacklist updates are distributed by anti-virus or malicious code solution vendors. When detected, the IDPS must log and drop the traffic containing the mobile code.

STIG	Date
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide	2012-11-19

Details

Check Text ( C-43018r1_chk )
Verify the sensors are configured to take action (e.g., blocking, quarantining, or alerting authorized individuals) when unauthorized mobile code is detected. If the IDPS is not configured to take corrective action when unauthorized mobile code is detected, this is a finding.

Fix Text (F-39050r1_fix)
Configure the sensors to take action (e.g., blocking, quarantining, or alerting authorized individuals) when unauthorized mobile code is detected.