Check: ENS-FW-000003
Trellix ENS 10.x STIG:
ENS-FW-000003
(in versions v2 r14 through v2 r9)
Title
(CUI) The ENS Firewall must be enabled. (Cat II impact)
Discussion
(CUI) A host-based firewall scans all incoming and outgoing traffic. As it reviews arriving or departing traffic, the Firewall checks its list of rules, which is a set of criteria with associated actions. If the traffic matches all criteria in a rule, the Firewall acts according to the rule, blocking or allowing traffic through. A host-based firewall adds another layer of protection to prevent unauthorized traffic from reaching or leaving the system. To be effective, it must be enabled and properly configured.
Check Content
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Options”. Select each configured Options policy. Select “Show Advanced”. Verify Options >> Enable Firewall is selected. Under Advanced, in the “Tuning Options” section, verify “Enable Adaptive Mode” is not selected. Verify “Retain existing user-added rules and Adaptive mode rules when this policy is enforced” is not selected. If “Options” is not set to “Enable Firewall”, this is a finding. If either the “Enable Adaptive Mode” or the “Retain existing user-added rules and Adaptive mode rules when this policy is enforced” option is selected, this is a finding.
Fix Text
(CUI) Access the ePO server console. Select Menu >> Policy >> Policy Catalog and then select “Endpoint Security Firewall” from the Product list. From the Category list, select “Options”. Select each configured Options policy. Select “Show Advanced”. Under “Options”, select “Enable Firewall”. Under “Advanced”, in the “Tuning Options” section, de-select “Enable Adaptive Mode”. Under “Advanced”, de-select “Retain existing user-added rules and Adaptive mode rules when this policy is enforced”.
Additional Identifiers
Rule ID: SV-230198r879709_rule
Vulnerability ID: V-230198
Group Title: SRG-APP-000332
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-002190 | The information system uses organization-defined security attributes associated with organization-defined information, source, and destination objects to enforce organization-defined information flow control policies as a basis for flow control decisions. |
Controls
| Number | Title |
|---|---|
| AC-4 (1) | Object Security Attributes |