Check: ENS-FW-000009
Trellix ENS 10.x STIG:
ENS-FW-000009
(in versions v2 r7 through v2 r5)
Title
(CUI) The ENS Firewall must be configured to use FTP protocol inspection. (Cat II impact)
Discussion
(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the Firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the Firewall acts according to the rule, blocking or allowing traffic through. A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured. Operation across different classification levels or across mixed DoD and non-DoD networks could cause cross-contamination of data, loss of data, data leakage, or unauthorized access. Configuring a CAG/LAG firewall rule will prevent cross-domain traffic.
Check Content
(CUI) NOTE: If McAfee ENS Firewall is being used for host-based Firewall protection, this requirement is applicable and must be met. If the OPORD 16-0080 FRAGO 6 has been released and it is still in the implementation period, this is Not a Finding if configured per the FRAGO steps of implementation. If McAfee Host Intrusion Prevention Firewall is being used for host-based Firewall protection, this check is Not Applicable. Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Options”. Select each configured Options policy. Verify the Options >> Stateful Firewall >> Use FTP Protocol is selected. If the Options >> Stateful Firewall >> Use FTP Protocol is not selected, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Options". Select each configured Options policy. Select the Options >> Stateful Firewall. Select the Use FTP Protocol option. Click "Save".
Additional Identifiers
Rule ID: SV-230203r772370_rule
Vulnerability ID: V-230203
Group Title: SRG-APP-000272
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001247 |
The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3(2) |
Automatic Updates |