Check: SRG-NET-000328-ALG-000078
Application Layer Gateway (ALG) SRG: SRG-NET-000328-ALG-000078 (in version v1 r2)
Title
The ALG that is part of a CDS, when transferring information between different security domains, must apply the same security policy filtering to metadata as it applies to data payloads. (Cat II impact)
Discussion
Subjecting metadata to the same filtering and inspection policies as payload data helps to mitigate the risk of data compromise through covert channels. This security measure also helps prevent the bypassing of security policy filtering.
Check Content
If the ALG is not part of a CDS, this is not applicable. Verify the ALG is configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains. If the ALG is not configured to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains, this is a finding.
Fix Text
If the ALG is part of a CDS, configure the ALG to apply the same security policy filtering to metadata as it applies to data payloads when transferring information between different security domains.
Additional Identifiers
Rule ID: SV-68731r1_rule
Vulnerability ID: V-54485
Group Title: SRG-NET-000328-ALG-000078
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
CCI-002211 | The information system, when transferring information between different security domains, applies the same security policy filtering to metadata as it applies to data payloads. |