The operating system must prevent remote devices that have established a non-remote connection with the system from communicating outside of the communication path with resources in external networks.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
RHEL-06-000424-PNF	RHEL-06-000424-PNF	RHEL-06-000424-PNF_rule		Medium

Description
This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings not configurable by the user of the device. An example of a non-remote communications path from a remote device is a virtual private network. When a non-remote connection is established using a virtual private network, the configuration settings prevent split-tunneling. Split-tunneling might otherwise be used by remote users to communicate with the information system as an extension of the system and to communicate with local resources, such as a printer or file server. Since the remote device, when connected by a non-remote connection, becomes an extension of the information system allowing dual communications paths, such as split-tunneling, in effect allowing unauthorized external connections into the system. This is a split-tunneling requirement that can be controlled via the operating system by disabling interfaces.

Description

This control enhancement is implemented within the remote device (e.g., notebook/laptop computer) via configuration settings not configurable by the user of the device. An example of a non-remote communications path from a remote device is a virtual private network. When a non-remote connection is established using a virtual private network, the configuration settings prevent split-tunneling. Split-tunneling might otherwise be used by remote users to communicate with the information system as an extension of the system and to communicate with local resources, such as a printer or file server. Since the remote device, when connected by a non-remote connection, becomes an extension of the information system allowing dual communications paths, such as split-tunneling, in effect allowing unauthorized external connections into the system. This is a split-tunneling requirement that can be controlled via the operating system by disabling interfaces.

STIG	Date
Red Hat Enterprise Linux 6 Security Technical Implementation Guide	2013-02-05

Details

Check Text ( C-RHEL-06-000424-PNF_chk )
RHEL6 supports this requirement and cannot be configured to be out of compliance. This is a permanent not a finding.

Fix Text (F-RHEL-06-000424-PNF_fix)
This requirement is a permanent not a finding. No fix is required.