Check: SRG-NET-000280-ALG-000081
Application Layer Gateway (ALG) SRG (SRG):
SRG-NET-000280-ALG-000081
(in version v1 r2)
Title
The ALG that is part of a CDS must block the transfer of data with malformed security attribute metadata structures. (Cat II impact)
Discussion
Enforcing allowed information flows based on metadata enables simpler and more effective flow control. Metadata is information used to describe the characteristics of data. Metadata can include structural metadata describing data structures (e.g., data format, syntax, and semantics) or descriptive metadata describing data contents (e.g., age, location, telephone number). For cross domain solutions, security attributes are defined as, at a minimum, source and destination address.
Check Content
If the ALG is not part of a CDS, this is not applicable. Verify the ALG is configured to block the transfer of data with malformed security attribute metadata structures. If the ALG is not configured to block the transfer of data with malformed security attribute metadata structures, this is a finding.
Fix Text
If the ALG is part of a CDS, configure the ALG to block the transfer of data with malformed security attribute metadata structures.
Additional Identifiers
Rule ID: SV-68737r1_rule
Vulnerability ID: V-54491
Group Title: SRG-NET-000280-ALG-000081
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000030 |
The information system enforces information flow control based on organization-defined metadata. |
CCI-000366 |
The organization implements the security configuration settings. |