If Symantec ProxySG filters externally initiated traffic, reverse proxy services must be configured.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-94217	SYMP-AG-000010	SV-104171r1_rule		Medium

Description
Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications.

Description

Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications.

STIG	Date
Symantec ProxySG ALG Security Technical Implementation Guide	2020-03-27

Details

Check Text ( C-93403r1_chk )
The ProxySG is designed to monitor and control inbound traffic when in a reverse proxy configuration. Verify this is configured. 1. Verify with the ProxySG administrator that reverse proxy services are configured. 2. Log on to the Web Management Console. 3. Click Configuration >> Services >> Proxy Services. 4. Review each reverse proxy service identified by the administrator and Verify that all organizational services are represented by an HTTP or HTTPS proxy service in the configuration. If Symantec ProxySG filters externally initiated traffic but reverse proxy services are not configured, this is a finding.

Check Text ( C-93403r1_chk )

The ProxySG is designed to monitor and control inbound traffic when in a reverse proxy configuration. Verify this is configured.

1. Verify with the ProxySG administrator that reverse proxy services are configured.
2. Log on to the Web Management Console.
3. Click Configuration >> Services >> Proxy Services.
4. Review each reverse proxy service identified by the administrator and Verify that all organizational services are represented by an HTTP or HTTPS proxy service in the configuration.

If Symantec ProxySG filters externally initiated traffic but reverse proxy services are not configured, this is a finding.

Fix Text (F-100333r1_fix)
Configure the ProxySG to monitor and control inbound traffic by configuring reverse proxy services. This provides SSL proxy in reverse proxy mode. 1. Log on to the Web Management Console. 2. Click Configuration >> Services >> Proxy Services. 3. Click "New Service". 4. Enter information into the various service boxes in accordance with site architecture, operational requirements, and SSP requirements for which web servers are to be monitored and controlled.

Fix Text (F-100333r1_fix)

Configure the ProxySG to monitor and control inbound traffic by configuring reverse proxy services. This provides SSL proxy in reverse proxy mode.

1. Log on to the Web Management Console.
2. Click Configuration >> Services >> Proxy Services.
3. Click "New Service".
4. Enter information into the various service boxes in accordance with site architecture, operational requirements, and SSP requirements for which web servers are to be monitored and controlled.