Check: NET0366
Network - Firewall:
NET0366
(in versions v8 r25 through v8 r21)
Title
The SA must configure the firewall for the minimum content and protocol inspection requirements. (Cat II impact)
Discussion
Creating a filter that allows a port or service through the firewall without content or protocol inspection creates a direct connection between a host in the private network and a host on the outside, thereby bypassing the additional security measures the firewall could otherwise provide. This places the internal host at greater risk of exploitation, which could leave the entire network vulnerable to attack.
Check Content
Review the firewall configuration and verify that both ingress and egress traffic are being inspected. If any traffic is able to leave or enter the enclave without being inspected by the firewall, this is a finding.
Fix Text
Ensure the firewall has content and protocol inspection implemented for all ingress and egress traffic.
Additional Identifiers
Rule ID:
Vulnerability ID: V-14643
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| No CCIs are assigned to this check | |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check | |