Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-30956 | NET-VPN-180 | SV-40998r1_rule | ECSC-1 | Medium |
Description |
---|
Replay attack is a type of injection attack when an IPSec packet is captured by an attacker and re-inserts it into the legitimate flow to disrupt service or create undesired behavior. IPSec anti-replay service can mitigate a replay attack by running sequence numbers for each end of the tunnel and incrementing it for each packet sent. If a packet that is received does not have the expected sequence number, it is dropped. |
STIG | Date |
---|---|
IPSec VPN Gateway Security Technical Implementation Guide | 2016-09-28 |
Check Text ( C-39616r1_chk ) |
---|
Review all IPSec Security Associations configured globally or within IPSec profiles on the VPN gateway and determine if anti-replay is enabled. If anti-replay is not configured, determine if the feature is enabled by default. |
Fix Text (F-34766r2_fix) |
---|
Enable anti-replay on all IPSec security associations either within IPSec profiles or as a global command. |