Check: AADC-AG-000100
A10 Networks ADC ALG STIG:
AADC-AG-000100
(in versions v2 r1 through v1 r1)
Title
The A10 Networks ADC must implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks. (Cat II impact)
Discussion
Although maintaining high availability is normally an operational consideration, load balancing is also a useful strategy in mitigating network-based DoS attacks. If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Load balancing provides service redundancy which reduces the susceptibility of the enclave to many DoS attacks. Since one of the primary purposes of the Application Delivery Controller is to balance loads across multiple servers, it would be extremely unusual for it to not be configured to perform this function.
Check Content
Review the device configuration. Ask the Administrator which Application Delivery Services are being provided by the device. The following command displays information for Server Load Balancing: show slb If no Server Load Balancing sessions exist, this is a finding.
Fix Text
Configure the device to balance the traffic load of provided services. This will require configuring Server Load Balancing.
Additional Identifiers
Rule ID: SV-237050r639597_rule
Vulnerability ID: V-237050
Group Title: SRG-NET-000362-ALG-000120
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002385 |
The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards. |
Controls
Number | Title |
---|---|
SC-5 |
Denial Of Service Protection |