Intrusion Detection and Prevention Systems SRG Version Comparison

There are 7 differences between versions v2 r6 (July 24, 2020) (the "left" version) and v3 r2 (Jan. 30, 2025) (the "right" version).

Check SRG-NET-000705-IDPS-00110 was added to the benchmark in the "right" version.

This check's original form is available here.

Title

The IDPS must employ organization-defined controls by type of denial-of-service (DoS) to achieve the DoS objective.

Check Content

Verify the IDPS is configured to employ organization-defined controls by type of DoS to achieve the denial-of-service objective. If the IDPS is not configured to employ organization-defined controls by type of DoS to achieve the DoS objective, this is a finding.

Discussion

DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of DoS events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of DoS attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to DoS events.

Fix

Configure the IDPS to employ organization-defined controls by type of DoS to achieve the DoS objective.