Check: NET-IDPS-018
Network Infrastructure Policy STIG:
NET-IDPS-018
(in versions v10 r6 through v9 r2)
Title
An Intrusion Detection and Prevention System (IDPS) sensor must be deployed to monitor the network segment hosting web, application, and database servers. (Cat II impact)
Discussion
Attacks can originate within the enclave boundary, so deploying an IDPS on the network segment hosting web, application, and database servers is imperative. These servers are critical resources, and the segment hosting them receives the most traffic within the enclave. Deploying an IDPS on this segment promotes defense-in-depth and enables operations to detect attacks quickly and take corrective action.
Check Content
Review topology of the network segment hosting the web, application, and database servers. If this segment is not being monitored by an IDPS sensor, this is a finding.
Fix Text
Implement an IDPS strategy to monitor the network segment hosting web, application, and database servers.
Additional Identifiers
Rule ID: SV-251336r853643_rule
Vulnerability ID: V-251336
Group Title: NET-IDPS-018
CCIs
Number | Definition |
---|---|
CCI-001097 | The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system. |
CCI-001255 | The organization deploys monitoring devices strategically within the information system to collect organization-determined essential information. |
CCI-002668 | The organization defines the interior points within the information system (e.g., subnetworks, subsystems) where outbound communications will be analyzed to discover anomalies. |