The VPN gateway server must enforce a policy to the remote software client to check for the presence of a personal firewall before enabling access to the VPN.


Overview

Finding ID: V-30948
Version: NET-VPN-230
Rule ID: SV-40990r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
The security posture of the remote PC connecting to the enclave via VPN is vital to the overall security of the enclave. On-site hosts sit behind the enclave’s perimeter defense; a remote PC does not, and is therefore exposed to the many vulnerabilities present on the Internet when connected to a service provider via dial-up or broadband connection. Although policy already requires a firewall to be installed on the remote PC, per the Secure Remote Computing Endpoint STIG (SRC-EPT-405), it is imperative that the VPN gateway push this policy to the software client so that the client verifies the firewall is active before access to the VPN is enabled.
STIG: IPSec VPN Gateway Security Technical Implementation Guide
Date: 2018-11-27

Details

Check Text (C-39607r1_chk)
Review all ISAKMP client configuration groups used to push policy to remote software clients and determine if the software client will check for the presence of a personal firewall before enabling access to the VPN.
Fix Text (F-34757r1_fix)
Configure the ISAKMP client configuration groups used to push policy to remote software clients to check for the presence of a personal firewall before enabling access to the VPN.
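
One way to automate the review described in the Check Text, as an added example that is not part of the STIG: the script lists every ISAKMP client configuration group that does not push a personal-firewall check. It assumes a Cisco IOS Easy VPN style configuration, where that check is the "firewall are-u-there" group sub-command; the STIG itself names no vendor or command, and the group names and sample configuration are constructed.

```python
import re

# Constructed sample config in Cisco IOS Easy VPN style (an assumption; the
# STIG text is vendor-neutral and names no command).
SAMPLE_CONFIG = """\
crypto isakmp client configuration group REMOTE-ADMINS
 key <placeholder>
 pool VPN-POOL
 firewall are-u-there
!
crypto isakmp client configuration group CONTRACTORS
 key <placeholder>
 pool VPN-POOL
!
crypto isakmp client configuration group LEGACY
 key <placeholder>
 no firewall are-u-there
!
interface GigabitEthernet0/0
"""

GROUP_RE = re.compile(r"^crypto isakmp client configuration group (\S+)\s*$")
FIREWALL_CHECK = "firewall are-u-there"


def parse_groups(config_text):
    """Return {group_name: [sub-commands]} for each ISAKMP client config group."""
    groups, current = {}, None
    for line in config_text.splitlines():
        match = GROUP_RE.match(line)
        if match:
            current = groups.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any non-indented line ends the stanza
    return groups


def groups_missing_firewall_check(config_text):
    """List groups that do not push the personal-firewall check (open findings)."""
    return sorted(name for name, cmds in parse_groups(config_text).items()
                  if FIREWALL_CHECK not in cmds)


if __name__ == "__main__":
    for name in groups_missing_firewall_check(SAMPLE_CONFIG):
        print(f"NET-VPN-230 open: group {name} does not check for a personal firewall")
```

The sub-command is matched exactly, so a negated line such as "no firewall are-u-there" still counts as a group without the check.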