Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-34788 | SRG-NET-000273-IDPS-00198 | SV-45716r1_rule | | Medium |
Description |
---|
The extent to which the IDPS is able to identify and handle error conditions is guided by organizational policy and operational requirements. However, these error messages must not reveal information captured in the log data that could compromise either the device or the network. Hence, the content of error messages (within the sensor and audit logs) and alerts sent to the system administrators must be carefully considered. This requirement includes device or IDPS application error conditions, as well as sensor log alerts. IDPS error messages can potentially provide a wealth of information to an attacker, such as revealing a security flaw within the IDPS implementation itself, allowing inadvertent access or exploitation of the resource records. |
STIG | Date |
---|---|
Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2012-11-19 |
Check Text ( C-43082r1_chk ) |
---|
Review the error messages sent by the system. (These messages may be part of the sensor rules or may be in a message repository, depending on the product used.) Verify that the system notifications for error messages or sensor alerts do not contain sensitive or potentially harmful information, as defined by the organization. If sensitive or potentially harmful information, as defined by the organization, is included as part of the sensor/audit event entries or the sensor alert messages, this is a finding. |
Fix Text (F-39114r1_fix) |
---|
Remove sensitive or potentially harmful information, as defined by the organization, from the logged notification messages for error conditions or sensor alerts. |