Check: ENS-FW-000010
Trellix ENS 10.x STIG: ENS-FW-000010 (in versions v2 r14 through v2 r9)
Title
(CUI) ENS Firewall Rules policies must not contain allow all inbound traffic rules. (Cat II impact)
Discussion
(CUI) The firewall’s default settings are designed for security. Allowing all inbound connections by default introduces the system(s) to various threats. Firewall rule policies must be designed to only include allow rules for the networked applications deployed on the intended host.
Check Content
(CUI) Access the ePO server console. Go to the Policy Catalog (Menu >> Policy >> Policy Catalog). Select "Endpoint Security Firewall" from the Product list. From the Category list, select "Firewall Rules". Inspect each configured Firewall Rules policy. If there are any Allow All inbound connections rules, this is a finding. Note: This rule is only concerned with inbound connections, and does not interfere with the outbound connections rule outlined in ENS-FW-000005.
Fix Text
(CUI) Access the ePO server console. Go to the Policy Catalog (Menu >> Policy >> Policy Catalog). Select "Endpoint Security Firewall" from the Product list. From the Category list, select "Firewall Rules". Inspect the "Firewall Rules" policies and remove any Allow All inbound connection type rules.
Additional Identifiers
Rule ID: SV-256069r882567_rule
Vulnerability ID: V-256069
Group Title: SRG-APP-000272
CCIs
Number | Definition |
---|---|
CCI-001247 | The information system automatically updates malicious code protection mechanisms. |
Controls
Number | Title |
---|---|
SI-3 (2) | Automatic Updates |