Details
Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities.
Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave’s web servers hosting TLS or HTTPS applications.
Remote access security policies provide the guidance and define the traffic that will be monitored. These policies consist of local policies, organizational policies, and DoD policies.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
If intermediary services for remote access communications traffic for virtual servers is supported by the BIG-IP ASM module, configure an ASM security policy to monitor inbound traffic for compliance with remote access security policies, to be applied to the applicable virtual servers in the BIG-IP LTM module.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system F5.
References
- 800-53|AC-17(1)
- CAT|II
- CCI|CCI-000067
- Rule-ID|SV-74497r1_rule
- STIG-ID|F5BI-AS-000031
- Vuln-ID|V-60067