Check: AADC-AG-000117
A10 Networks ADC ALG STIG:
AADC-AG-000117
(in versions v2 r1 through v1 r1)
Title
The A10 Networks ADC must enable logging of Denial of Service (DoS) attacks. (Cat II impact)
Discussion
Without an alert, security personnel may be unaware of major detection incidents that require immediate action, and this delay may result in the loss or compromise of information. CJCSM 6510.01B, "Cyber Incident Handling Program", lists nine Cyber Incident and Reportable Event Categories. DoD has determined that categories identified by CJCSM 6510.01B Major Indicators (category 1, 2, 4, or 7 detection events) will require an alert when an event is detected. Alerts may be transmitted, for example, telephonically, by electronic mail messages, or by text messaging. The device must either send the alert to a management console that is actively monitored by authorized personnel or use a messaging capability to send the alert directly to designated personnel. The A10 Networks ADC must be configured to generate a log message when IP anomalies and DoS attacks are detected.
Check Content
Review the device configuration. The following command displays the device configuration and filters the output on the string "log": show run | inc log If the output does not include the command "system attack log", this is a finding.
Fix Text
The following command enables logging of DDoS attacks: system attack log
Additional Identifiers
Rule ID: SV-237056r639615_rule
Vulnerability ID: V-237056
Group Title: SRG-NET-000392-ALG-000148
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002664 |
The information system alerts organization-defined personnel or roles when organization-defined compromise indicators reflect the occurrence of a compromise or a potential compromise. |
Controls
Number | Title |
---|---|
SI-4 (5) |
System-Generated Alerts |