Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-94233	SYMP-AG-000090	SV-104187r1_rule		Medium

Description
Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the PPSM CAL, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events. Changes to the ALG must take effect when made by an authorized administrator and the new configuration is put in place or committed, including upon restart of the application or reboot of the system. With some devices, the changes take effect as the configuration is changed, while with others, the new configuration must be submitted to the device. In any case, the behavior of the ALG must immediately be affected to reflect the configuration change. In the ProxySG platform, a policy contains one or more layers that provide functionality, such as SSL interception, authentication, and web access. Each layer contains rules that define source and destination criteria and an action to take for each set of criteria.

Description

Information flow policies regarding dynamic information flow control include, for example, allowing or disallowing information flows based on changes to the PPSM CAL, vulnerability assessments, or mission conditions. Changing conditions include changes in the threat environment and detection of potentially harmful or adverse events. Changes to the ALG must take effect when made by an authorized administrator and the new configuration is put in place or committed, including upon restart of the application or reboot of the system. With some devices, the changes take effect as the configuration is changed, while with others, the new configuration must be submitted to the device. In any case, the behavior of the ALG must immediately be affected to reflect the configuration change. In the ProxySG platform, a policy contains one or more layers that provide functionality, such as SSL interception, authentication, and web access. Each layer contains rules that define source and destination criteria and an action to take for each set of criteria.

STIG	Date
Symantec ProxySG ALG Security Technical Implementation Guide	2020-03-27

Details

Check Text ( C-93419r1_chk )
Verify that ProxySG is configured to restrict access to suspicious or harmful communications. 1. Log on to the Web Management Console. 2. Click Configuration >> Visual Policy Manager. 3. Click "Launch". While in the Visual Policy Manager, click into each Web Access and SSL Access Layer. 4. Within each layer above, review each rule and verify that the "Destination" fields are not set to "Any" and that they contain URL categories and/or threat risk levels that should be blocked per the organization's security policy. If Symantec ProxySG does not immediately use updates made to policy enforcement mechanisms such as policies and rules, this is a finding.

Check Text ( C-93419r1_chk )

Verify that ProxySG is configured to restrict access to suspicious or harmful communications.

1. Log on to the Web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch". While in the Visual Policy Manager, click into each Web Access and SSL Access Layer.
4. Within each layer above, review each rule and verify that the "Destination" fields are not set to "Any" and that they contain URL categories and/or threat risk levels that should be blocked per the organization's security policy.

If Symantec ProxySG does not immediately use updates made to policy enforcement mechanisms such as policies and rules, this is a finding.

Fix Text (F-100349r1_fix)
Configure ProxySG to restrict access to suspicious or harmful communications. 1. Log on to the Web Management Console. 2. Click Configuration >> Content Filtering. 3. Under "General," verify that at least one "Provider" is enabled. 4. Click Configuration >> Visual Policy Manager. 5. Click "Launch". While in the Visual Policy Manager, click into each Web Access and SSL Access Layer. 6. Within each layer above, right-click the "Destination" fields of each rule, click "set", and specify URL categories and/or threat risk levels that should be blocked per the organization's security policy. 7. Click File >> Install Policy on SG Appliance.

Fix Text (F-100349r1_fix)

Configure ProxySG to restrict access to suspicious or harmful communications.

1. Log on to the Web Management Console.
2. Click Configuration >> Content Filtering.
3. Under "General," verify that at least one "Provider" is enabled.
4. Click Configuration >> Visual Policy Manager.
5. Click "Launch". While in the Visual Policy Manager, click into each Web Access and SSL Access Layer.
6. Within each layer above, right-click the "Destination" fields of each rule, click "set", and specify URL categories and/or threat risk levels that should be blocked per the organization's security policy.
7. Click File >> Install Policy on SG Appliance.