Check: NET0365
Network Infrastructure Policy STIG:
NET0365
(in versions v10 r6 through v9 r2)
Title
The organization must implement a deep packet inspection solution when protecting perimeter boundaries. (Cat I impact)
Discussion
Deep packet inspection (DPI) examines the packet beyond the Layer 4 header by examining the payload to identify the application or service. DPI searches for illegal statements, predefined criteria, malformed packets, and malicious code, thereby enabling the IA appliances to make a more informed decision on whether to allow or not allow the packet through. DPI engines can delve into application centric information to allow different applications to be protected in different ways from different threats. Examples of DPI appliances include next-generation firewalls, application layer gateways as well as specific gateways for web, email and SSL traffic.
Check Content
Determine which type of solution is used for deep packet inspection at the enclave boundary. Acceptable solutions for meeting this requirement are a deep packet inspection firewall, or a stateful packet inspection firewall in conjunction with any combination of application firewalls or application layer gateways. If the organization does not have any implementation of deep packet inspection protecting their network perimeter boundaries, this is a finding. Exception: If the perimeter security for the enclave or B/C/P/S is provisioned via the JRSS, then this requirement is not applicable.
Fix Text
Implement a deep packet inspection solution at the enclave boundaries. Verify any IA appliances used for deep packet inspection are connected, properly configured, and actively inspecting all ingress and egress network traffic.
Additional Identifiers
Rule ID: SV-251367r806056_rule
Vulnerability ID: V-251367
Group Title: NET0365
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001116 |
The organization prevents the unauthorized exfiltration of information across managed interfaces. |
Controls
Number | Title |
---|---|
SC-7 (10) |
Prevent Unauthorized Exfiltration |