Check: SRG-NET-000385-IDPS-00210
Intrusion Detection and Prevention Systems (IDPS) SRG:
SRG-NET-000385-IDPS-00210
(in versions v2 r6 through v2 r2)
Title
The IDPS must generate a log record when unauthorized network services are detected. (Cat II impact)
Discussion
Unauthorized or unapproved network services lack organizational verification or validation and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, Instant Messaging, auto-execute, and file sharing.
Check Content
Verify the IDPS generates a log record when unauthorized network services are detected. If the IDPS does not generate a log record when unauthorized network services are detected, this is a finding.
Fix Text
Configure the IDPS to generate a log record when unauthorized network services are detected.
Additional Identifiers
Rule ID: SV-69623r1_rule
Vulnerability ID: V-55377
Group Title: SRG-NET-000385-IDPS-00210
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002684 |
The information system audits and/or alerts organization-defined personnel when unauthorized network services are detected. |
Controls
| Number | Title |
|---|---|
| SI-4 (22) |
Unauthorized Network Services |