
The IDPS must identify and respond to potential security-relevant error conditions.


Overview

Finding ID: V-34787
Version: SRG-NET-000272-IDPS-00197
Rule ID: SV-45714r1_rule
IA Controls:
Severity: Medium
Description
Error messages generated by various components and services of the network devices can indicate a possible security violation or breach. The IDPS implementation must detect and respond to error messages that may be a symptom of a compromise and provide notification. These error messages may be part of the network traffic on segments being monitored. Responses to these conditions include alerts or traffic dropping/blocking. If security-relevant error conditions are not identified by the IDPS, intrusion attacks may remain undetected, allowing more serious damage to the network.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-43080r1_chk)
Verify signatures or rules exist on the management console to monitor the data for excessive error messages from network components. Verify signatures or rules exist to identify and respond to potential security-relevant error conditions.

If the system is not configured to identify and respond to potential security-relevant error conditions, this is a finding.
Fix Text (F-39112r1_fix)
Configure the system to identify and respond to potential security-relevant error conditions.