Check: SRC-EPT-630
SRC - Remote Endpoint: SRC-EPT-630 (in version v2 r7)
Title
Configure the IPSec VPN client to use attributes such as 3DES, tunnel encapsulation mode, and a FIPS 140-2 approved authentication algorithm. (Cat II impact)
Discussion
An approved algorithm must be used in order to protect data during the VPN session. (Remote Only)
Check Content
Interview the network administrator to ensure both the VPN appliance and the client software use the IPSec tunneling protocol to secure traffic sent between the network and remote access devices. That is, the tunneling protocol selected in the VPN configuration must be IPSec only. Next, navigate to the IPSec configuration tab of the VPN appliance; the IPSec attribute values selected must be AES, ESP, and MD5. The above settings are controlled in the VPN network appliance configuration, but the encryption protocol and authentication protocol settings in the client configuration must be compatible or the client’s remote connection request will be unsuccessful. Configuration of the network device is beyond the scope of this requirement; however, these settings are addressed in the VPN procedures document required in SRC-EPT-620.

View the dial-up VPN client communications security properties using the following steps:
1. Select “Settings” from the Start Menu.
2. Select “Network and Dial-up Connections”.
3. Select the VPN connection used for connection to the remote network. (Hint: the type will be Virtual Private Network.)
4. Right-click, select “Properties”, and select the “Security” tab.
5. Verify data encryption is turned on.

Refer to SRC-EPT-800 for instructions on verifying Tunnel mode is enabled on the client.

If the IPSec tunneling protocol is not enabled for VPN communications between the client and VPN appliance, this is a finding. If the concentrator is not configured to use ESP and AES, this is a finding. If the VPN client used is not FIPS 140-1/2 compliant, this is a finding.
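The GUI walk-through above can be scripted on current Windows clients. The following PowerShell audit helper is an added example, not part of the STIG text; it assumes Windows 8 / Server 2012 or later with the built-in VpnClient module (Get-VpnConnection), and the connection name is a placeholder supplied by the reviewer. It flags the same conditions the check lists: a tunnel type that is not IPsec-based and data encryption that is not required, and it prints any custom IPsec proposal so it can be compared against the appliance settings (ESP, AES).

```powershell
# Added audit helper for SRC-EPT-630 (example code, not from the STIG).
# Assumes the VpnClient module is available (Windows 8 / Server 2012 or later).
function Test-VpnClientIpsecSettings {
    param(
        [Parameter(Mandatory)][string]$ConnectionName,
        [switch]$AllUserConnection   # set for connections visible to all users
    )

    $conn = Get-VpnConnection -Name $ConnectionName -AllUserConnection:$AllUserConnection -ErrorAction Stop
    $findings = @()

    # The tunneling protocol must be IPsec only. PPTP and SSTP are not IPsec, and
    # 'Automatic' may fall back to a non-IPsec protocol, so only L2TP/IPsec and IKEv2 pass.
    if ($conn.TunnelType -notin @('L2tp', 'Ikev2')) {
        $findings += "Tunnel type is '$($conn.TunnelType)'; IPsec (L2TP/IPsec or IKEv2) is required."
    }

    # 'Verify data encryption is turned on' corresponds to the Security tab setting;
    # NoEncryption and Optional both allow an unencrypted session.
    if ($conn.EncryptionLevel -in @('NoEncryption', 'Optional')) {
        $findings += "Encryption level is '$($conn.EncryptionLevel)'; encryption must be required."
    }

    # If a custom IPsec policy is set, show the proposal so the reviewer can confirm it
    # matches the appliance (ESP with AES) and uses an approved integrity algorithm.
    $policy = $conn.IPsecCustomPolicy
    if ($policy) {
        Write-Host ("IPsec proposal: encryption={0} integrity={1} cipher={2} auth={3} DH={4} PFS={5}" -f
            $policy.EncryptionMethod, $policy.IntegrityCheckMethod, $policy.CipherTransformConstants,
            $policy.AuthenticationTransformConstants, $policy.DHGroup, $policy.PfsGroup)
    } else {
        Write-Host "No custom IPsec policy set; Windows negotiates its default proposal."
    }

    [pscustomobject]@{
        Connection  = $conn.Name
        Server      = $conn.ServerAddress
        TunnelType  = $conn.TunnelType
        Encryption  = $conn.EncryptionLevel
        Compliant   = ($findings.Count -eq 0)
        Findings    = $findings
    }
}

# Usage (placeholder connection name; replace with the VPN entry under review):
Test-VpnClientIpsecSettings -ConnectionName 'Corporate VPN' | Format-List
```

Any entry in Findings corresponds to one of the "this is a finding" conditions in the Check Content; FIPS 140-1/2 compliance of the client software itself still has to be confirmed from vendor documentation.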
Fix Text
Ensure that IPSEC is being used.
Additional Identifiers
Rule ID: SV-6822r1_rule
Vulnerability ID: V-6674
Group Title:
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check | |
Controls
Number | Title |
---|---|
No controls are assigned to this check | |