Check: SELS-SW-000290
SEL-2740S L2S STIG: SELS-SW-000290 (in version v1 r1)
Title
The SEL-2740S must be configured to capture all packets without flow rule match criteria. (Cat II impact)
Discussion
The OTSDN switch must be capable of capturing frames that are not engineered to be in the network and sending them to a Security Information and Event Manager (SIEM) or midpoint sensor for analysis.
Check Content
Review the SEL-2740S to ensure that the "no match criteria" rule is set to capture the packet for analysis as a possible injection or intrusion. If the SEL-2740S is not configured with the "no match criteria" rules for the Security Information and Event Manager (SIEM), this is a finding.
Fix Text
To configure capture of all packets without flow rule match criteria, do the following:
1. Log on to OTSDN Controller using Permission Level 3.
2. Click "Flow Entries" in Navigation Menu.
3. Click "Add Flow" button.
4. Enter a "no match" flow rule for given ports.
5. Click "Submit".
Additional Identifiers
Rule ID: SV-102367r1_rule
Vulnerability ID: V-92279
Group Title: SRG-NET-000512-L2S-000029
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |