Symantec ProxySG must not have unnecessary services and functions enabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-94271	SYMP-AG-000280	SV-104225r1_rule		Medium

Description
Information systems are capable of providing a wide variety of functions (capabilities or processes) and services. Some of these functions and services are installed and enabled by default. The organization must determine which functions and services are required to perform the content filtering and other necessary core functionality for each component of the ALG. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors. The primary function of an ALG is to provide application-specific content filtering and/or proxy services. The ALG application suite may integrate related content filtering and analysis services and tools (e.g., IPS, proxy, malware inspection, blacklists, whitelists). Some gateways may also include email scanning, decryption, caching, and DLP services. However, services and capabilities that are unrelated to this primary functionality must not be installed (e.g., DNS, email client or server, FTP server, or web server). Next Generation ALGs (NGFW) and Unified Threat Management (UTM) ALGs integrate functions that have been traditionally separated. These products integrate content filtering features to provide more granular policy filtering. There may be operational drawbacks to combining these services into one device. Another issue is that NGFW and UTM products vary greatly with no current definitive industry standard.

Description

Information systems are capable of providing a wide variety of functions (capabilities or processes) and services. Some of these functions and services are installed and enabled by default. The organization must determine which functions and services are required to perform the content filtering and other necessary core functionality for each component of the ALG. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors. The primary function of an ALG is to provide application-specific content filtering and/or proxy services. The ALG application suite may integrate related content filtering and analysis services and tools (e.g., IPS, proxy, malware inspection, blacklists, whitelists). Some gateways may also include email scanning, decryption, caching, and DLP services. However, services and capabilities that are unrelated to this primary functionality must not be installed (e.g., DNS, email client or server, FTP server, or web server). Next Generation ALGs (NGFW) and Unified Threat Management (UTM) ALGs integrate functions that have been traditionally separated. These products integrate content filtering features to provide more granular policy filtering. There may be operational drawbacks to combining these services into one device. Another issue is that NGFW and UTM products vary greatly with no current definitive industry standard.

STIG	Date
Symantec ProxySG ALG Security Technical Implementation Guide	2020-03-27

Details

Check Text ( C-93457r2_chk )
Determine what proxy services are enabled on the ProxySG. 1. Log on to the Web Management Console 2. Browse to Configuration >> Services >> Proxy Services 3. Review each service specified in the list with the ProxySG administrator to verify that each is required. If the Symantec ProxySG has any unnecessary services or functions enabled, this is a finding.

Fix Text (F-100387r2_fix)
Disable/remove unnecessary proxy services on the ProxySG. In particular, reverse proxy services should not configured if not used. 1. Log on to the Web Management Console 2. Browse to Configuration >> Services >> Proxy Services 3. Review each service and service group specified in the list with the ProxySG administrator. 4. Remove any unnecessary services or service groups by selecting them and clicking "Delete" 5. Click "Apply" once all unnecessary services or groups have been removed.

Fix Text (F-100387r2_fix)

Disable/remove unnecessary proxy services on the ProxySG. In particular, reverse proxy services should not configured if not used.

1. Log on to the Web Management Console
2. Browse to Configuration >> Services >> Proxy Services
3. Review each service and service group specified in the list with the ProxySG administrator.
4. Remove any unnecessary services or service groups by selecting them and clicking "Delete"
5. Click "Apply" once all unnecessary services or groups have been removed.