The DataPower Gateway providing content filtering must generate a log record when unauthorized network services are detected.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-65285 | WSDP-AG-000109 | SV-79775r1_rule | CCI-002684 | medium |
| Description | ||||
| Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing. | ||||
| STIG | Date | |||
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 | |||
Details
Check Text (C-79775r1_chk)
Using the WebGUI, go to Network >> Management >> Web Management Service. Verify that the "WS-Management endpoint" checkbox is checked and that an IP and port for the WS-Management endpoint to connect to is configured.
If the WS-Management endpoint is not enabled (checked) or not configured, this is a finding.
Fix Text (F-71225r1_fix)
Using the WebGUI, go to Network >> Management >> Web Management Service. Check the "WS-Management endpoint" checkbox. Configure an IP and port for the WS-Management endpoint to connect to.