Details
Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally, unrestricted traffic may transit a network, which uses bandwidth and other resources.
Access control policies and access control lists implemented on devices that control the flow of network traffic (e.g., application-level firewalls and Web content filters) ensure the flow of traffic is only allowed from authorized sources to authorized destinations. Networks with different levels of trust (e.g., the Internet or CDS) must be kept separate.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the BIG-IP AFM module to only allow incoming communications from authorized sources routed to authorized destinations.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system F5.
References
- 800-53|SC-7(11)
- CAT|II
- CCI|CCI-002403
- Rule-ID|SV-74355r1_rule
- STIG-ID|F5BI-AF-000223
- Vuln-ID|V-59925