Title

(CUI) The ENS Firewall must be enabled with intrusion alerts. (Cat II impact)

Discussion

(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the Firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the Firewall acts according to the rule, blocking or allowing traffic through. A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.

Check Content

(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Options”, select policy and then verify “Protection Options” is set to “Enable firewall intrusion alerts”. If the Protection Options is not set to “Enable firewall intrusion alerts”, this is a finding.

Fix Text

(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select "Endpoint Security Firewall" from the Product list. From the Category list, select "Options” and for "Protection Options" select “Enable firewall intrusion alerts”. Click "Save".

Additional Identifiers

Rule ID: SV-230196r879659_rule

Vulnerability ID: V-230196

Group Title: SRG-APP-000272

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.