Title

The SDN controller must be configured to employ organization-defined controls by type of denial of service (DoS) to achieve the DoS objective. (Cat II impact)

Discussion

DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of planning to support organizational needs with respect to capacity and bandwidth. Such attacks can occur across a wide range of network protocols (e.g., IPv4, IPv6). A variety of technologies are available to limit or eliminate the origination and effects of DoS events. For example, boundary protection devices can filter certain types of packets to protect system components on internal networks from being directly affected by or the source of DoS attacks. Employing increased network capacity and bandwidth combined with service redundancy also reduces the susceptibility to DoS events.

Check Content

Verify the SDN controller is configured to employ organization-defined controls by type of DoS to achieve the DoS objective. If the SDN controller is not configured to employ organization-defined controls by type of DoS to achieve the DoS objective, this is a finding.

Fix Text

Configure the SDN controller to employ organization-defined controls by type of DoS to achieve the DoS objective.

Additional Identifiers

Rule ID: SV-264312r984181_rule

Vulnerability ID: V-264312

Group Title: SRG-NET-000705

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.