An error occurred:

Check: SRG-NET-000246-IDPS-00175

Intrusion Detection and Prevention Systems (IDPS) SRG: SRG-NET-000246-IDPS-00175 (in versions v2 r6 through v2 r2)

Title

The IDPS must verify the integrity of updates obtained directly from the vendor. (Cat II impact)

Discussion

If the integrity of updates downloaded directly from the vendor is not verified, then malicious code or errors may impact the ability of the IDPS to protect against harmful communication traffic. The recommended verification method depends on the update's format, as follows: 1. For files downloaded from a Web site or FTP site, administrators should compare file checksums provided by the vendor with checksums that they compute for the downloaded files. 2. For updates downloaded automatically through the IDPS user interface, if an update is downloaded as a single file or a set of files, either checksum provided by the vendor should be compared to checksums generated by the administrator, or the IDPS user interface itself should perform some sort of integrity check. In some cases, updates are downloaded and installed as one action, precluding checksum verification. In this case, the IDPS user interface should check each update' s integrity as part of this process. 3. In the case of removable media (e.g., CD, DVD), vendors may not provide a specific method for customers to verify the legitimacy of removable media apparently sent by the vendors. If media verification is a concern, administrators should contact their vendors to determine how the media can be verified, such as comparing vendor-provided checksums to checksums computed for files on the media, or verifying digital signatures on the media's contents to ensure they are valid. Administrators should also consider scanning the media for malware, with the caveat that false positives may be triggered by IDPS signatures for malware on the media.

Check Content

Verify the IDPS verifies the integrity of updates obtained directly from the vendor. If the IDPS does not verify the integrity of updates obtained directly from the vendor, this is a finding.

Fix Text

Configure the IDPS to verify the integrity of updates obtained directly from the vendor.

Additional Identifiers

Rule ID: SV-45683r2_rule

Vulnerability ID: V-34759

Group Title: SRG-NET-000246-IDPS-00175

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001240

The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection