Title

(U//FOUO) The HIPS Trusted Network address list allows only acceptable networks. (Cat II impact)

Discussion

Check Content

(U//FOUO) This check needs to be completed for every active policy that controls ePO agents. From the ePO server console, select the asset to be checked, then select ‘Policies,’ followed by ‘Host Intrusion Prevention 7: General’ from the product list. From the ‘Trusted Networks’ category, select the applicable policy. From the ‘Trusted Networks’ section, examine the list of trusted networks. The IP address of the vulnerability scanner (or other required scanning) is the only entry for the allowable trusted network entries that is trusted for Network IPS. If any other entries are present that are trusted for IPS, this is a finding. Note: Other entries can exist, but they cannot be trusted for IPS.

Fix Text

(U//FOUO) Remove the attribute Trusted for IPS from all other networks other than the vulnerability scanner's IP.

Additional Identifiers

Rule ID: SV-15158r1_rule

Vulnerability ID: V-14540

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.