Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30948 | NET-VPN-230 | SV-40990r1_rule | ECSC-1 | Medium |
Description |
---|
The security posture of the remote PC connecting to the enclave via VPN is vital to the overall security of the enclave. While on-site hosts are behind the enclave’s perimeter defense, a remote PC is not and therefore is exposed to many vulnerabilities existing in the Internet when connected to a service provider via dial-up or broadband connection. Though it is policy to have a firewall installed on the remote PC according to the Secure Remote Computing Endpoint STIG (SRC-EPT-405), it is imperative the VPN gateway enforce the policy to the software client to verify the firewall is active prior to enabling access to the VPN. |
STIG | Date |
---|---|
IPSec VPN Gateway Security Technical Implementation Guide | 2016-09-28 |
Check Text ( C-39607r1_chk ) |
---|
Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client will check for the presence of a personal firewall before enabling access to the VPN. |
Fix Text (F-34757r1_fix) |
---|
Configure the ISAKMP client configuration groups used to push policy to remote software clients to check for the presence of a personal firewall before enabling access to the VPN. |