
The IDPS must enforce organizationally defined one-way traffic flows.


Overview

Finding ID: V-34790
Version: SRG-NET-000032-IDPS-00031
Rule ID: SV-45730r1_rule
IA Controls:
Severity: Medium
Description
The flow of all network traffic must be monitored and controlled so that it does not introduce any unacceptable risk to the network infrastructure or data. This control is applicable to IPS installations because it requires the enforcement (rather than just monitoring) of traffic flows. Information flow control regulates where information is allowed to travel within a network and between interconnected networks. This control requires the organization to implement hardware mechanisms, such as the IPS, to enforce one-way traffic flows.
STIG: Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide
Date: 2012-11-19

Details

Check Text (C-43098r1_chk)
If this is an IDS-only implementation, this is not a finding.
If the site does not require one-way traffic enforcement, this is not applicable.
Verify rules exist to monitor network traffic for violations of one-way traffic flow restrictions.
Verify the unauthorized traffic is dropped.

If no rule or signature exists that enforces one-way traffic rules, this is a finding.
Fix Text (F-39130r1_fix)
Create a rule in the IPS which blocks traffic flowing in unauthorized directions on the monitored network segment.