The IDPS must be configured to remove or disable non-essential capabilities which are not required for operation or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-55339 | SRG-NET-000131-IDPS-00011 | SV-69585r1_rule | Medium |
| Description |
|---|
| An IDPS can be capable of providing a wide variety of capabilities. Not all of these capabilities are necessary. Unnecessary services, functions, and applications increase the attack surface (sum of attack vectors) of a system. These unnecessary capabilities are often overlooked and therefore may remain unsecured. |
| STIG | Date |
|---|---|
| Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide | 2020-06-12 |
Details
| Check Text ( C-55961r1_chk ) |
|---|
| Have the SCA display the services running on the IDPS components. Review the IDPS configuration to determine if non-essential capabilities not required for operation, or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server) are enabled. If the IDPS is not configured to remove or disable non-essential capabilities which are not required for operation or not related to IDPS functionality (e.g., DNS, email client or server, FTP server, or web server), this is a finding. |
| Fix Text (F-60205r1_fix) |
|---|
| Remove or disable non-essential capabilities from the IDPS. Removal is recommended since the service or function may be inadvertently enabled. However, if removal is not possible, disable the service or function. Document all necessary services. |