Check: SYMP-AG-000550
Symantec ProxySG ALG STIG (in versions v1 r3 through v1 r1)
Title
Symantec ProxySG must allow incoming communications only from organization-defined authorized sources routed to organization-defined authorized destinations. (Cat II impact)
Discussion
Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources. Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application-level firewalls and web content filters) ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.
Check Content
Determine what proxy services are enabled on the ProxySG.
1. Log on to the Web Management Console.
2. Browse to Configuration >> Services >> Proxy Services.
3. Review each service specified in the list with the ProxySG administrator to verify that all remote access traffic has been accounted for.
4. Click Configuration >> Policy >> Visual Policy Manager >> Launch.
5. Click each layer and verify that the "Source" and "Destination" fields for each rule are set to the organizationally defined sources and destinations.
If Symantec ProxySG allows incoming communications other than those from organization-defined authorized sources routed to organization-defined authorized destinations, this is a finding.
Fix Text
Configure proxy services.
1. Log on to the Web Management Console.
2. Browse to Configuration >> Services >> Proxy Services.
3. Review each service specified in the list with the ProxySG administrator to ensure that all remote access traffic has been accounted for and add any that are missing per the ProxySG Administration Guide, Chapter 7: Managing Proxy Services.
4. Click Configuration >> Policy >> Visual Policy Manager >> Launch.
5. Click each layer and right-click the "Source" and "Destination" fields for each rule. Select "Set" and set each to the organizationally defined values in accordance with the site's SSP.
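The Visual Policy Manager rules in steps 4 and 5 are compiled to ProxySG Content Policy Language (CPL). As an added illustration that is not part of this STIG, the first layer below shows the non-compliant state the check looks for (Source and Destination left at Any) and the second shows a layer that satisfies it; the address ranges and domain names are constructed placeholders, not site values.

```cpl
; NON-COMPLIANT: no Source or Destination condition, so every inbound
; request through the proxy service is allowed. This is the finding.
<Proxy>
    allow

; COMPLIANT: each rule names an organization-defined source (client.address)
; and an organization-defined destination (url.domain); the bare "deny" at
; the end of the layer catches anything not explicitly authorized.
; Values below are constructed examples; substitute those from the site's SSP.
<Proxy>
    client.address=10.10.0.0/16 url.domain=intranet.example.mil allow
    client.address=10.20.5.0/24 url.domain=partner.example.mil   allow
    deny
```

Later policy layers can override earlier ones, so when reviewing the VPM also confirm that no subsequent layer re-allows traffic the restrictive layer denies.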
Additional Identifiers
Rule ID: SV-104277r1_rule
Vulnerability ID: V-94323
Group Title: SRG-NET-000364-ALG-000122
Expert Comments
CCIs
Number | Definition
---|---
CCI-002403 | The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
Controls
Number | Title
---|---
SC-7 (11) | Restrict Incoming Communications Traffic