Check: SRG-NET-000362-ALG-000120
Application Layer Gateway (ALG) SRG (SRG):
SRG-NET-000362-ALG-000120
(in version v1 r2)
Title
The ALG must implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks. (Cat II impact)
Discussion
If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Load balancing provides service redundancy; which service redundancy reduces the susceptibility of the ALG to many DoS attacks. The ALG must be configured to prevent or mitigate the impact on network availability and traffic flow of DoS attacks that have occurred or are ongoing. This requirement applies to the network traffic functionality of the device as it pertains to handling network traffic. Some types of attacks may be specialized to certain network technologies, functions, or services. For each technology, known and potential DoS attacks must be identified and solutions for each type implemented.
Check Content
Verify the ALG implements load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks. If the device does not implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks, this is a finding.
Fix Text
Configure the ALG to implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks.
Additional Identifiers
Rule ID: SV-68873r1_rule
Vulnerability ID: V-54627
Group Title: SRG-NET-000362-ALG-000120
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002385 |
The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards. |
Controls
| Number | Title |
|---|---|
| SC-5 |
Denial Of Service Protection |