UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Symantec ProxySG must implement load balancing to limit the effects of known and unknown types of denial-of-service (DoS) attacks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94319 SYMP-AG-000530 SV-104273r1_rule Medium
Description
If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Load balancing provides service redundancy, which reduces the susceptibility of the ALG to many DoS attacks. The ALG must be configured to prevent or mitigate the impact on network availability and traffic flow of DoS attacks that have occurred or are ongoing. This requirement applies to the network traffic functionality of the device as it pertains to handling network traffic. Some types of attacks may be specialized to certain network technologies, functions, or services. For each technology, known and potential DoS attacks must be identified and solutions for each type implemented. For detailed information, see the ProxySG Administration Guide, Chapter 39: Configuring Failover.
STIG Date
Symantec ProxySG ALG Security Technical Implementation Guide 2020-03-27

Details

Check Text ( C-93505r1_chk )
Verify that redundancy has been configured on the ProxySG.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Network >> Advanced.
3. Select the "Failover" tab and Verify that entries are present and that they are "enabled".

If Symantec ProxySG does not implement load balancing to limit the effects of known and unknown types of DoS attacks, this is a finding.
Fix Text (F-100435r1_fix)
Configure redundancy on the ProxySG.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Network >> Advanced.
3. Select the "Failover" tab and configure using the SSP requirements.