Check: H37040 - HIP 8 FW
HBSS HIP 8 Firewall:
H37040 - HIP 8 FW
(in version v1 r14)
Title
(U//FOUO) The Host Intrusion Prevention System (HIPS) Firewall must include a Connection Aware Group (CAG) rule to prevent cross-domain violations. (Cat II impact)
Discussion
Operation across different classification levels or across mixed DoD and non-DoD networks could cause cross contamination of data, loss of data, data leakage, or unauthorized access.
Check Content
(U//FOUO) This check needs to be completed for every active policy that controls McAfee Agents. From the HBSS client, right-click on the McAfee Agent icon in the system tray, then select Manage Features | Host Intrusion Prevention to open the McAfee UI console. Select the "Firewall Policy" tab. Verify that there is a CAG Firewall rule preventing cross-domain violations. This can be done by examining the Firewall Rules list and determining which rule exists that limits data transmitted by Domain Suffix. For SIPRNet only, anything other than smil.mil should be blocked. For NIPRNet only, anything other than .mil should be blocked. Additional methods for preventing cross-domain violations are specified in the McAfee HIP 8 Firewall Configuration guide and include methods using the Gateway IP, DHCP IP, DNS servers used to query, WINS server used, registry key and/or Network-Local IP address. These other methods should be vetted and tested thoroughly. Verify cross-domains are listed as blocked domains. If neither a CAG Firewall rule nor a DNS Block Firewall rule exists to prevent cross-domain violations, this is a finding.
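The suffix logic of this check, automated over a constructed rule list as an added example (not from the STIG, McAfee or ePO); the rule-record fields (`type`, `match`, `allowed_suffix`) are assumed, since the page does not give the HIPS firewall export format:

```python
"""Evaluate the H37040 domain-suffix condition against an exported rule list.
The rule-record layout is an assumption for illustration only."""

# Per-enclave allowed suffix, taken from the check text.
ALLOWED_SUFFIX = {"NIPRNet": ".mil", "SIPRNet": "smil.mil"}


def suffix_matches(domain: str, suffix: str) -> bool:
    """True when `domain` is the suffix itself or a host beneath it.
    Trailing dots and case are normalised so 'Host.Army.MIL.' matches '.mil'."""
    d = domain.lower().rstrip(".")
    s = suffix.lower().lstrip(".")
    return d == s or d.endswith("." + s)


def is_cross_domain(domain: str, network: str) -> bool:
    """A destination suffix this enclave's CAG rule should block.
    Note: a smil.mil name also ends in .mil, so the NIPRNet rule as the
    check states it does not by itself reject it."""
    return not suffix_matches(domain, ALLOWED_SUFFIX[network])


def cag_rule_present(rules, network: str) -> bool:
    """Does any CAG rule limit traffic by domain suffix to the enclave suffix?"""
    want = ALLOWED_SUFFIX[network].lstrip(".").lower()
    for r in rules:
        if (r.get("type") == "CAG" and r.get("match") == "domain_suffix"
                and r.get("allowed_suffix", "").lstrip(".").lower() == want):
            return True
    return False


def h37040_finding(rules, network: str) -> bool:
    """True means 'this is a finding': no qualifying CAG rule exists."""
    return not cag_rule_present(rules, network)


# Constructed sample rules (assumed schema, not a real HIPS export).
SAMPLE_RULES_NIPR = [
    {"name": "Allow DNS", "type": "standard", "match": "port", "port": 53},
    {"name": "Cross-domain block", "type": "CAG", "match": "domain_suffix",
     "allowed_suffix": ".mil"},
]

if __name__ == "__main__":
    for net in ALLOWED_SUFFIX:
        print(net, "finding" if h37040_finding(SAMPLE_RULES_NIPR, net) else "compliant")
```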
Fix Text
(U//FOUO) From the ePO server console, select the asset to be checked, then select "Assigned Policies", followed by the correct version of HIPS from the dropdown product list (e.g., Host Intrusion Prevention 8: Firewall). From the "Firewall Rules" category, select the applicable policy. Create a CAG Firewall rule to prevent cross-domain violations.
Additional Identifiers
Rule ID: SV-60369r4_rule
Vulnerability ID: V-47487
Group Title: H37040
Expert Comments
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |