Applications must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of Denial of Service (DoS) attacks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-36370	SRG-APP-247-NA	SV-47774r1_rule		Medium

Description
In the case of application DoS attacks, care must be taken when designing the application so as to ensure that the application makes the best use of system resources. SQL queries have the potential to consume large amounts of CPU cycles if they are not tuned for optimal performance. Web services containing complex calculations requiring large amounts of time to complete can bog down if too many requests for the service are encountered within a short period of time. Rationale for non-applicability: The MDM server is not responsible for actively protecting against traditional DoS attacks.

Description

In the case of application DoS attacks, care must be taken when designing the application so as to ensure that the application makes the best use of system resources. SQL queries have the potential to consume large amounts of CPU cycles if they are not tuned for optimal performance. Web services containing complex calculations requiring large amounts of time to complete can bog down if too many requests for the service are encountered within a short period of time. Rationale for non-applicability: The MDM server is not responsible for actively protecting against traditional DoS attacks.

STIG	Date
Mobile Device Manager Security Requirements Guide	2013-01-24

Details

Check Text ( C-44611r1_chk )
This requirement is NA for the MDM server SRG.

Fix Text (F-40902r1_fix)
The requirement is NA. No fix is required.