The Riverbed Optimization System (RiOS) must be configured to ensure inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-62813	RICX-AG-000037	SV-77303r1_rule		Medium

Description
Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic. Inbound traffic must be inspected prior to being allowed on the enclave's trusted networks. Outbound traffic inspection must occur prior to being forwarded to destinations outside of the enclave. Optimally, the SteelHead must be architecturally placed at the perimeter in front of the perimeter router. Thus, traffic is directed for firewall and IDPS inspection for inbound and outbound traffic in compliance with DoD policy. Additionally, from an operational perspective, this architecture avoids the need to open many ports and services in the firewall to accommodate TCP options 76 and 78 and ports 7800, 7810, and 7870. Some other configurations may involve even more ports and services.

Description

Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic. Inbound traffic must be inspected prior to being allowed on the enclave's trusted networks. Outbound traffic inspection must occur prior to being forwarded to destinations outside of the enclave. Optimally, the SteelHead must be architecturally placed at the perimeter in front of the perimeter router. Thus, traffic is directed for firewall and IDPS inspection for inbound and outbound traffic in compliance with DoD policy. Additionally, from an operational perspective, this architecture avoids the need to open many ports and services in the firewall to accommodate TCP options 76 and 78 and ports 7800, 7810, and 7870. Some other configurations may involve even more ports and services.

STIG	Date
Riverbed SteelHead CX v8 ALG Security Technical Implementation Guide	2015-11-30

Details

Check Text ( C-63607r1_chk )
Inspect the architectural placement of the device. Verify the traffic from the device is directed to the firewall and IDS or IPS for inspection. If RiOS is not configured to ensure inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies, this is a finding.

Fix Text (F-68731r1_fix)
Architecturally place the SteelHead device to avoid the need to open TCP ports in the firewall. The recommended best practice for this device is to install it at the perimeter in front of the perimeter router and direct and configure to direct traffic to the router. Thus, inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies.

Fix Text (F-68731r1_fix)

Architecturally place the SteelHead device to avoid the need to open TCP ports in the firewall. The recommended best practice for this device is to install it at the perimeter in front of the perimeter router and direct and configure to direct traffic to the router. Thus, inbound and outbound traffic is forwarded to be inspected by the firewall and IDPS in compliance with remote access security policies.