Check: ENS-FW-000009
Trellix ENS 10.x STIG:
ENS-FW-000009
(in versions v2 r14 through v2 r9)
Title
(CUI) The ENS Firewall must be configured to use FTP protocol inspection. (Cat II impact)
Discussion
(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the firewall acts according to the rule, either blocking or allowing traffic through. A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured. If the option for FTP inspection is set with the Firewall Options policy, when the firewall encounters a connection opened on Port 21, the firewall knows to perform stateful packet inspection on the packets coming through the FTP control channel.
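As an added illustration of the principle behind this check (example code written for this page, not Trellix ENS code, and not a description of how the ENS Firewall implements its inspection internally): an FTP session negotiates the endpoints of each data channel inside the port 21 control channel, through PORT, PASV (227) and EPSV (229) messages, so a stateful firewall that does not parse the control channel has no way to tell an announced data connection from an unsolicited one. The model below walks a constructed control-channel transcript, records the data connections the session has announced, and answers whether a given data connection should be admitted. All addresses, ports and transcript lines are constructed sample values.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed, simplified model of FTP protocol inspection: illustrative only.

FTP_CONTROL_PORT = 21

@dataclass(frozen=True)
class Expectation:
    """A data-channel connection that the control channel has announced."""
    src_ip: str
    dst_ip: str
    dst_port: int

# RFC 959 host-port string: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply: 229 Entering Extended Passive Mode (|||port|)
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def _decode_hostport(m: "re.Match") -> Tuple[str, int]:
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("malformed host-port string")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def inspect_control_channel(client_ip: str, server_ip: str,
                            lines: List[Tuple[str, str]]) -> List[Expectation]:
    """Collect the data-channel connections a stateful firewall should expect.

    `lines` is a list of (direction, text) pairs, direction "C" for client to
    server and "S" for server to client, as seen on the port 21 control channel.
    """
    expectations: List[Expectation] = []
    for direction, line in lines:
        line = line.strip()
        if direction == "C" and line.upper().startswith("PORT "):
            m = _HOSTPORT.search(line)
            if not m:
                continue
            ip, port = _decode_hostport(m)
            # Only accept a data target that is the client itself; a PORT that
            # names some other host creates no expectation.
            if ip != client_ip:
                continue
            expectations.append(Expectation(server_ip, ip, port))
        elif direction == "S" and line.startswith("227 "):
            m = _HOSTPORT.search(line)
            if not m:
                continue
            ip, port = _decode_hostport(m)
            # Likewise the passive endpoint must be the server we are talking to.
            if ip != server_ip:
                continue
            expectations.append(Expectation(client_ip, ip, port))
        elif direction == "S" and line.startswith("229 "):
            m = _EPSV.search(line)
            if not m:
                continue
            expectations.append(Expectation(client_ip, server_ip, int(m.group(1))))
    return expectations

def data_connection_allowed(src_ip: str, dst_ip: str, dst_port: int,
                            expectations: List[Expectation]) -> bool:
    """A data connection is admitted only if the control channel announced it."""
    return Expectation(src_ip, dst_ip, dst_port) in expectations

# Constructed sample session between client 192.0.2.25 and server 198.51.100.10.
CLIENT_IP = "192.0.2.25"
SERVER_IP = "198.51.100.10"
TRANSCRIPT = [
    ("S", "220 ftp.example.test FTP server ready"),
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest@"),
    ("S", "230 Login successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,10,195,80)."),   # server port 50000
    ("C", "RETR file.txt"),
    ("S", "150 Opening BINARY mode data connection."),
    ("C", "PORT 192,0,2,25,4,1"),      # client asks for a callback to 192.0.2.25:1025
    ("S", "200 PORT command successful."),
    ("C", "PORT 203,0,113,7,0,25"),    # names a third host, so no expectation is created
    ("S", "200 PORT command successful."),
]

def demo() -> List[Expectation]:
    return inspect_control_channel(CLIENT_IP, SERVER_IP, TRANSCRIPT)

if __name__ == "__main__":
    for e in demo():
        print(f"expect data connection {e.src_ip} -> {e.dst_ip}:{e.dst_port}")
```

Without this parsing step, a firewall sees only an outbound connection to an arbitrary high port (passive mode) or an inbound connection from the server (active mode) with nothing to tie it to the session on port 21, which is why the STIG requires the inspection option rather than relying on plain port-based rules.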
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Options". Select each configured Options policy. Verify the Options >> Stateful Firewall >> Use FTP Protocol is selected. If the Options >> Stateful Firewall >> Use FTP Protocol is not selected, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Options". Select each configured Options policy. Select the Options >> Stateful Firewall. Select the Use FTP Protocol option. Click "Save".
Additional Identifiers
Rule ID: SV-230203r879659_rule
Vulnerability ID: V-230203
Group Title: SRG-APP-000272
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3 (2) | Automatic Updates |