Symantec ProxySG providing intermediary services for remote access communications traffic must ensure outbound traffic is monitored for compliance with remote access security policies.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-94219 | SYMP-AG-000020 | SV-104173r1_rule | Medium |
| Description |
|---|
| Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities. Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With outbound traffic inspection, traffic must be inspected prior to being forwarded to destinations outside of the enclave, such as external email traffic. |
| STIG | Date |
|---|---|
| Symantec ProxySG ALG Security Technical Implementation Guide | 2020-03-27 |
Details
| Check Text ( C-93405r1_chk ) |
|---|
| Verify the ProxySG is configured to inspect internally initiated traffic. 1. Log on to the Web Management Console. 2. Click Configuration >> Visual Policy Manager. 3. Click "Launch". While in the Visual Policy Manager, verify that at least one SSL Access Layer (transparent proxy architectures) or Web Access Layer (explicit proxy architectures) is configured. If the ProxySG is not configured to inspect internally initiated traffic, this is a finding. |
| Fix Text (F-100335r1_fix) |
|---|
| Configure the ProxySG to inspect internally initiated traffic. 1. Log on to the Web Management Console. 2. Click Configuration >> Visual Policy Manager. 3. Click "Launch". While in the Visual Policy Manager, click Policy >> Add SSL Access Layer (transparent proxy architectures) or Add Web Access Layer (explicit proxy architectures). 4. Click File >> Install Policy on SG Appliance. |