Check: H36440
HBSS Host Intrusion Prevention: H36440 (in version v4 r13)
Title
(U//FOUO) The HIPS policy enables the automatic blocking of network intruders. (Cat I impact)
Discussion
Check Content
(U//FOUO) This check must be completed for every active policy that controls ePO agents. From the ePO server console, select the asset to be checked, then select ‘Policies,’ followed by ‘Host Intrusion Prevention 7:IPS’ from the product list. From the ‘IPS Options’ category, select the applicable policy. In the Windows Only section, ensure ‘Automatically Block Network Intruders’ is enabled. If ‘Automatically Block Network Intruders’ is not checked, this is a finding.
Note: This setting can affect the Rogue Sensor if OS fingerprinting is used as part of the RSD configuration. When a sender performs OS fingerprinting against a host that has automatic blocking of network intruders configured, the host may block valid connections.
Fix Text
(U//FOUO) From the ePO server console, select the applicable HIPS policy for the ePO server. Select IPS Options. On the IPS Options tab, ensure “Automatically Block Network Intruders” is enabled.
Additional Identifiers
Rule ID: SV-15163r1_rule
Vulnerability ID: V-14545
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |