The DataPower Gateway must not use 0.0.0.0 as a listening IP address for any service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-65317 | WSDP-AG-000151 | SV-79807r1_rule | CCI-002403 | medium |

Description

Using 0.0.0.0 as a listening address allows all interfaces to receive traffic for the service. This creates an unnecessary exposure when services are configured to listen on this address.

| STIG | Date |
|---|---|
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 |
Details
Check Text (C-79807r1_chk)
Go to Default domain.
Click Status >> Main >> Active Services >> Click Show All Domains.
Review IP addresses assigned to active services. If any list 0.0.0.0, this is a finding.
Fix Text (F-71257r1_fix)
Log on to each active domain.
Click Objects >> Protocol Handlers >> HTTP Front Side Handlers.
Click on the name of any Handler listed that uses the IP Address of 0.0.0.0.
Change the IP Address >> Click Apply.
Click Objects >> Protocol Handlers >> HTTPS Front Side Handlers.
Click on the name of any Handler listed that uses the IP Address of 0.0.0.0.
Change the IP Address >> Click Apply >> Click Save Configuration.
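
The check above can also be run offline against a configuration export. The following is an added example, not part of the STIG or of IBM's tooling. It assumes an export in which each domain is a `configuration` element and each listener object carries `LocalAddress` and `LocalPort` children; those element names, the handler names and the sample data are assumptions and should be verified against a real export. It goes slightly beyond the rule text by also flagging the IPv6 unspecified address `::` and by marking non-literal values (such as host aliases) for manual review.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample. Element and object names are assumptions modelled on a
# DataPower configuration export; they are not taken from the STIG text.
SAMPLE_EXPORT = """\
<datapower-configuration>
  <configuration domain="default">
    <HTTPSourceProtocolHandler name="fsh-http-admin">
      <LocalAddress>0.0.0.0</LocalAddress><LocalPort>8080</LocalPort>
    </HTTPSourceProtocolHandler>
  </configuration>
  <configuration domain="apps">
    <HTTPSSourceProtocolHandler name="fsh-https-api">
      <LocalAddress>192.0.2.10</LocalAddress><LocalPort>8443</LocalPort>
    </HTTPSSourceProtocolHandler>
    <HTTPSSourceProtocolHandler name="fsh-https-alias">
      <LocalAddress>dmz-alias</LocalAddress><LocalPort>9443</LocalPort>
    </HTTPSSourceProtocolHandler>
  </configuration>
</datapower-configuration>
"""

def classify(address):
    """Return 'finding', 'ok' or 'review' for one listener address."""
    try:
        ip = ipaddress.ip_address(address.strip())
    except ValueError:
        return "review"  # not a literal IP (e.g. a host alias): resolve by hand
    # is_unspecified is True for 0.0.0.0 and for the IPv6 equivalent '::'
    return "finding" if ip.is_unspecified else "ok"

def audit_listeners(export_xml):
    """Yield (domain, object name, address, port, verdict) for every object
    in every domain that carries a LocalAddress element."""
    root = ET.fromstring(export_xml)
    for cfg in root.iter("configuration"):
        domain = cfg.get("domain", "?")
        for obj in cfg:
            addr = obj.findtext("LocalAddress")
            if addr is None:
                continue  # object has no listener address
            port = obj.findtext("LocalPort", "").strip()
            yield (domain, obj.get("name"), addr.strip(), port, classify(addr))

if __name__ == "__main__":
    for row in audit_listeners(SAMPLE_EXPORT):
        print("{:8} {:16} {:12} {:5} {}".format(*row))
```

Because the scan keys on the address element rather than on the object type, it covers any service in the export and not only the HTTP and HTTPS Front Side Handlers named in the fix text.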