The router must monitor and control traffic at both the external and internal boundary interfaces.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
SRG-NET-000205-RTR-000093	SRG-NET-000205-RTR-000093	SRG-NET-000205-RTR-000093_rule		High

Description
Audit logs are necessary to provide a trail of evidence in case the network is compromised. With this information, the network administrator can devise ways to block the attack and possibly identify and prosecute the attacker. Information supplied by log data is used for forensic analysis of an incident as well as to aid with normal traffic analysis. It is imperative all inbound and outbound blocked traffic be logged.

Description

Audit logs are necessary to provide a trail of evidence in case the network is compromised. With this information, the network administrator can devise ways to block the attack and possibly identify and prosecute the attacker. Information supplied by log data is used for forensic analysis of an incident as well as to aid with normal traffic analysis. It is imperative all inbound and outbound blocked traffic be logged.

STIG	Date
Router Security Requirements Guide	2013-07-30

Details

Check Text ( C-SRG-NET-000205-RTR-000093_chk )
Verify a router is configured to monitor traffic from both internal and external interfaces. Verify filters exist to detect harmful traffic on both the external and internal boundary interfaces. If filters do not exist to monitor and control traffic at both the external and internal boundary interfaces, this is a finding.

Fix Text (F-SRG-NET-000205-RTR-000093_fix)
Configure the router with filters to monitor and control traffic at both the external and internal boundary interfaces.