
The IDPS must be configured to alarm if unexpected protocols for network management enter the subnet.


Overview

Finding ID: V-34772
Version: SRG-NET-000257-IDPS-00183
Rule ID: SV-45696r1_rule
IA Controls: (none listed)
Severity: Medium
Description
The management network must detect all attacks on the management hosts. Only a defined range of traffic is permitted on the management network, so anything outside that range is suspect. Traffic permitted on the Management Hosts Segment includes:

- Trivial File Transfer Protocol (TFTP [UDP 69]): for network device configuration files from devices on the Managed Devices Segment
- FTP-Data (TCP 20): for file transfers to network devices on the Managed Devices Segment and for Internet downloads
- FTP-Control (TCP 21): for file transfers to network devices on the Managed Devices Segment and for Internet downloads
- Syslog (UDP 514): from network devices on the Managed Devices Segment
- Telnet (TCP 23): to network devices on the Managed Devices Segment
- SSH (TCP 22): to network devices on the Managed Devices Segment
- Network Time Protocol (NTP [UDP 123]): to synchronize the clocks of all network devices on the Managed Devices Segment
- HTTP (TCP 80): to the Internet, and from hosts on other segments to download the host-based IPS agent software
- HTTPS (TCP 443): to network devices on the Managed Devices Segment and the Internet, as well as between the host-based IPS Console and its agents
- TACACS+ (TCP 49): for administrator authentication to devices on the Managed Devices Segment
- RADIUS (UDP 1812/1813, authentication/accounting): for authentication of administrator remote-access VPN connections coming from the Remote Administration Segment
- ICMP (IP Protocol 1): echo request and response to reach network devices on the Managed Devices Segment and the Internet
- DNS (UDP 53): for name translation services for management hosts as they access services on the Internet
- Simple Network Management Protocol (SNMP [UDP 161]): to query information from network devices on the Managed Devices Segment
- SNMP-Trap (UDP 162): to receive trap information from network devices on the Managed Devices Segment
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text ( C-43062r1_chk )
Verify the sensor is monitoring the network management subnet.
The protocols permitted to enter the management network should be documented and known to the SA.
The sensor should generate an alarm for any traffic type not on that list.

If the sensor is not configured to alarm if unexpected protocols for network management enter the subnet, this is a finding.
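One way to express this check in code, as an added example that is not part of the SRG or any vendor's sensor: the permitted-protocol list from the description is encoded as direction-aware allow rules, and every flow record that touches the Management Hosts Segment but matches no rule is raised as an alarm. The segment prefixes, the flow-record format and the sample flows are assumptions constructed for this example; the rule directions follow the wording of the description, and active-mode FTP data or ICMP replies are not modelled separately.

```python
"""Allow-list check for traffic touching the Management Hosts Segment.

Added example; not part of the SRG. Segment addresses, record format and the
sample flows are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MGMT, MANAGED, REMOTE, INTERNET, ANY = (
    "mgmt_hosts", "managed_devices", "remote_admin", "internet", "*")

# Assumed addressing: the SRG names the segments but assigns no prefixes.
SEGMENTS = {
    MGMT: ipaddress.ip_network("10.10.1.0/24"),
    MANAGED: ipaddress.ip_network("10.10.2.0/24"),
    REMOTE: ipaddress.ip_network("10.10.3.0/24"),
}


def segment_of(ip: str) -> str:
    """Map an address to a named segment; anything else counts as Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return INTERNET


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for protocols without ports (ICMP)
    src: str              # segment name or ANY
    dst: str

    def matches(self, proto: str, dport: Optional[int], src: str, dst: str) -> bool:
        return (self.proto == proto
                and (self.dport is None or self.dport == dport)
                and self.src in (ANY, src)
                and self.dst in (ANY, dst))


# Directions follow the description text of the rule.
ALLOWED = [
    Rule("TFTP",        "udp",  69,   MANAGED, MGMT),
    Rule("FTP-Data",    "tcp",  20,   MGMT, MANAGED),
    Rule("FTP-Data",    "tcp",  20,   MGMT, INTERNET),
    Rule("FTP-Control", "tcp",  21,   MGMT, MANAGED),
    Rule("FTP-Control", "tcp",  21,   MGMT, INTERNET),
    Rule("Syslog",      "udp",  514,  MANAGED, MGMT),
    Rule("Telnet",      "tcp",  23,   MGMT, MANAGED),
    Rule("SSH",         "tcp",  22,   MGMT, MANAGED),
    Rule("NTP",         "udp",  123,  MGMT, MANAGED),
    Rule("HTTP",        "tcp",  80,   MGMT, INTERNET),
    Rule("HTTP",        "tcp",  80,   ANY, MGMT),       # HIPS agent download
    Rule("HTTPS",       "tcp",  443,  MGMT, ANY),
    Rule("HTTPS",       "tcp",  443,  ANY, MGMT),       # HIPS console <-> agents
    Rule("TACACS+",     "tcp",  49,   MGMT, MANAGED),
    Rule("RADIUS-Auth", "udp",  1812, REMOTE, MGMT),
    Rule("RADIUS-Acct", "udp",  1813, REMOTE, MGMT),
    Rule("ICMP",        "icmp", None, MGMT, MANAGED),
    Rule("ICMP",        "icmp", None, MGMT, INTERNET),
    Rule("DNS",         "udp",  53,   MGMT, INTERNET),
    Rule("SNMP",        "udp",  161,  MGMT, MANAGED),
    Rule("SNMP-Trap",   "udp",  162,  MANAGED, MGMT),
]


def classify(record: str) -> Optional[str]:
    """Return the name of the allow rule covering a flow, None if the flow is
    unexpected, or "out-of-scope" if it never touches the management subnet.

    Record format (assumed for this example): "<src_ip> <dst_ip> <proto> <dport|->"
    """
    src_ip, dst_ip, proto, port = record.split()
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if MGMT not in (src, dst):
        return "out-of-scope"
    dport = None if port == "-" else int(port)
    for rule in ALLOWED:
        if rule.matches(proto.lower(), dport, src, dst):
            return rule.name
    return None


def alarms(records: List[str]) -> List[str]:
    """One alarm line per flow that no allow rule covers."""
    out = []
    for rec in records:
        if classify(rec) is None:
            src_ip, dst_ip, proto, port = rec.split()
            out.append(f"ALARM unexpected {proto}/{port} "
                       f"{segment_of(src_ip)}->{segment_of(dst_ip)} ({src_ip} -> {dst_ip})")
    return out


# Constructed sample flows, not captured traffic.
SAMPLE_FLOWS = [
    "10.10.2.5 10.10.1.10 udp 514",    # syslog from a managed device: allowed
    "10.10.1.10 10.10.2.5 tcp 22",     # SSH to a managed device: allowed
    "10.10.3.7 10.10.1.10 udp 1812",   # RADIUS from remote admin: allowed
    "10.10.2.5 10.10.1.10 tcp 23",     # Telnet *into* mgmt from a device: unexpected
    "10.10.1.10 10.10.2.5 tcp 3389",   # RDP to a device: unexpected
    "203.0.113.9 10.10.1.10 tcp 445",  # SMB from the Internet: unexpected
    "10.10.2.5 10.10.2.6 tcp 80",      # device-to-device: not this sensor's concern
]

if __name__ == "__main__":
    for line in alarms(SAMPLE_FLOWS):
        print(line)
```

Direction matters as much as port number: Telnet from a management host to a device is expected, while Telnet from a device into the management subnet is not, and a port-only allow-list would miss that. On a real sensor the same policy is expressed as the sensor's allow-list plus a catch-all alert for anything else seen on the management segment.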
Fix Text (F-39094r1_fix)
Implement or modify the sensor to monitor the management network and to alarm on any protocol that is not on the list of expected management traffic.