Title

(U) The Host Intrusion Prevention System (HIPS) Firewall must be enabled. (Cat II impact)

Discussion

A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.

Check Content

(U) This check needs to be completed for every active policy that controls McAfee Agents and whose OS is compatible with the HIP firewall. From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall status" section, verify the "Enabled" option is checked. If the "Enabled" option is not checked, this is a finding.

Fix Text

(U) From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Options" category, select the applicable policy. From the "Firewall status" section, check the "Enabled" option.

Additional Identifiers

Rule ID: SV-60331r2_rule

Vulnerability ID: V-14560

Group Title: H36900

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.