Check: GEN000000-AIX0220
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE:
GEN000000-AIX0220
(in versions v1 r14 through v1 r10)
Title
The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. (Cat II impact)
Discussion
The tcp_tcpsecure parameter protects established TCP connections against fake SYNs, fake RSTs, and data injection. The first vulnerability involves sending a fake SYN to an established connection to abort the connection. The second vulnerability involves sending a fake RST to an established connection to abort the connection. The third vulnerability involves injecting fake data into an established TCP connection.
Check Content
Check the value of the tcp_tcpsecure parameter.
# /usr/sbin/no -o tcp_tcpsecure
If the value returned is not 7, this is a finding.
Fix Text
Set the tcp_tcpsecure parameter to 7.
# /usr/sbin/no -p -o tcp_tcpsecure=7
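The check above, written as an added example script (not part of the STIG) that also reports which of the three protections is switched off when the value is not 7. It assumes `no -o` prints `tcp_tcpsecure = N` and that bits 1, 2 and 4 map to the fake SYN, fake RST and data injection protections, in the order the Discussion lists them; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit tcp_tcpsecure and decode it as a bitmask.
# Assumed bit meanings: 1 = fake SYN, 2 = fake RST, 4 = data injection.

# Read `no -o tcp_tcpsecure` output on stdin and print the numeric value
# (assumed output format: "tcp_tcpsecure = N"). Prints nothing if unparseable.
parse_tcpsecure() {
    sed -n 's/^[[:space:]]*tcp_tcpsecure[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' | head -n 1
}

# Print the protections that are NOT enabled for the given value.
missing_protections() {
    val=$1
    out=""
    if [ $(( $val & 1 )) -eq 0 ]; then out="$out fake-SYN"; fi
    if [ $(( $val & 2 )) -eq 0 ]; then out="$out fake-RST"; fi
    if [ $(( $val & 4 )) -eq 0 ]; then out="$out data-injection"; fi
    echo "${out# }"
}

# Read `no -o` output on stdin.
# Returns 0 when the value is 7, 1 for a finding, 2 when it cannot be parsed.
check_tcpsecure() {
    val=$(parse_tcpsecure)
    if [ -z "$val" ]; then
        echo "ERROR: could not parse tcp_tcpsecure from input"
        return 2
    fi
    if [ "$val" -eq 7 ]; then
        echo "PASS: tcp_tcpsecure=7"
        return 0
    fi
    echo "FINDING: tcp_tcpsecure=$val; not protected against: $(missing_protections "$val")"
    return 1
}

# Constructed sample output (not captured from a real host). On AIX, run:
#   /usr/sbin/no -o tcp_tcpsecure | check_tcpsecure
printf 'tcp_tcpsecure = 5\n' | check_tcpsecure || true
```
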
Additional Identifiers
Rule ID: SV-38701r1_rule
Vulnerability ID: V-29497
Group Title: GEN000000-AIX0220
CCIs
Number | Definition |
---|---|
CCI-000032 | The information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows. |
Controls
Number | Title |
---|---|
AC-4 (8) | Security Policy Filters |