Check: GEN008540
Solaris 9 X86 STIG:
GEN008540
(in version v1 r9)
Title
The system's local firewall must implement a deny-all, allow-by-exception policy. (Cat II impact)
Discussion
A local firewall protects the system from exposing unnecessary or undocumented network services to the local enclave. If a system within the enclave is compromised, firewall protection on an individual system continues to protect it from attack.
Check Content
Determine if the system's local firewall implements a deny-all, allow-by-exception policy. If it does not, this is a finding.
Fix Text
Configure the system's local firewall to implement a deny-all, allow-by-exception policy.
Additional Identifiers
Rule ID: SV-26258r1_rule
Vulnerability ID: V-22583
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001109 |
The information system at managed interfaces denies network communications traffic by default and allows network communications traffic by exception (i.e., deny all, permit by exception). |
Controls
Number | Title |
---|---|
SC-7 (5) |
Deny By Default / Allow By Exception |