Check: NET-IDPS-016
Network Infrastructure Policy STIG:
NET-IDPS-016
(in versions v10 r6 through v9 r2)
Title
An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor all Demilitarized Zone (DMZ) segments housing public servers. (Cat II impact)
Discussion
The initial step in IDPS deployment is determining where sensors should be placed. Because attacks originate at the enclave perimeter and within the enclave boundary an IDPS implementation at the enclave perimeter only will not suffice. By placing IDPS technology throughout the Enterprise Regional enclaves and stand-alone enclaves, system administrators can track the spread of attacks and take corrective actions to prevent attacks reaching critical resources.
Check Content
Review the DMZ topology and verify public servers are being monitored by an IDPS. If an IDPS sensor is not deployed to monitor all DMZ segments housing public servers, this is a finding.
Fix Text
Place an IDPS sensor in the enclave to monitor public servers.
Additional Identifiers
Rule ID: SV-251335r853642_rule
Vulnerability ID: V-251335
Group Title: NET-IDPS-016
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001097 |
The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system. |
CCI-001255 |
The organization deploys monitoring devices strategically within the information system to collect organization-determined essential information. |
CCI-002668 |
The organization defines the interior points within the information system (e.g., subnetworks, subsystems) where outbound communications will be analyzed to discover anomalies. |