UCF STIG Viewer Logo

Symantec ProxySG must allow incoming communications only from organization-defined authorized sources routed to organization-defined authorized destinations.


Overview

Finding ID Version Rule ID IA Controls Severity
V-94323 SYMP-AG-000550 SV-104277r1_rule Medium
Description
Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application-level firewalls and web content filters) ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.
STIG Date
Symantec ProxySG ALG Security Technical Implementation Guide 2020-03-27

Details

Check Text ( C-93509r1_chk )
Determine what proxy services are enabled on the ProxySG.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Services >> Proxy Services.
3. Review each service specified in the list with the ProxySG administrator to verify that all remote access traffic has been accounted for.
4. Click Configuration >> Policy >> Visual Policy Manager >> Launch.
5. Click each layer and Verify that the "Source" and "Destination" fields for each rule are set to the organizationally defined sources and destinations.

If Symantec ProxySG allows incoming communications other than those from organization-defined authorized sources routed to organization-defined authorized destinations, this is a finding.
Fix Text (F-100439r1_fix)
Configure proxy services.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Services >> Proxy Services.
3. Review each service specified in the list with the ProxySG administrator to ensure that all remote access traffic has been accounted for and add any that are missing per the ProxySG Administration Guide, Chapter 7: Managing Proxy Services.
4. Click Configuration >> Policy >> Visual Policy Manager >> Launch.
5. Click each layer and right-click the "Source" and "Destination" fields for each rule. Select "Set" and set each to the organizationally defined values in accordance with the site's SSP.