Details
Creating a filter that allows a port or service through the firewall without content or protocol inspection creates a direct connection between a host in the private network and a host on the outside, bypassing the additional security measures that inspection would provide. This places the internal host at greater risk of exploitation, which could in turn expose the entire network to attack.
NOTE: This check requires manual verification. Review the configuration to verify that each permitted port and service is subject to protocol inspection.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Ensure the firewall has content and protocol inspection implemented for all ingress and egress traffic.
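As an added example (not part of the original check text or any Cisco tooling), the following script performs the manual review described above for a Cisco IOS zone-based policy firewall: it parses the `class-map type inspect` and `policy-map type inspect` blocks and reports every class that is let through with `pass` (stateless forwarding, no protocol inspection) or with no action at all, together with the protocols that class matches. The configuration fragments, policy and class names are constructed for the example; the weak fragment passes DNS uninspected, the corrected fragment uses `inspect` for every permitted class.

```python
"""Flag zone-based-firewall classes that forward traffic without protocol inspection."""
import re

# Constructed sample Cisco IOS ZBF fragment (not from the original page). The class
# CM-DNS is forwarded with "pass", i.e. no stateful protocol inspection, which is the
# condition NET0366 asks the reviewer to find.
WEAK_CONFIG = """\
class-map type inspect match-any CM-WEB
 match protocol http
 match protocol https
class-map type inspect match-any CM-DNS
 match protocol dns
policy-map type inspect PM-INSIDE-TO-OUTSIDE
 class type inspect CM-WEB
  inspect
 class type inspect CM-DNS
  pass
 class class-default
  drop
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect PM-INSIDE-TO-OUTSIDE
"""

# Corrected fragment: the DNS class is inspected instead of passed.
FIXED_CONFIG = WEAK_CONFIG.replace(
    " class type inspect CM-DNS\n  pass", " class type inspect CM-DNS\n  inspect"
)

CLASSMAP_RE = re.compile(r"^class-map type inspect (?:match-any|match-all) (\S+)")
MATCH_RE = re.compile(r"^ match (.+)$")
POLICY_RE = re.compile(r"^policy-map type inspect (\S+)")
CLASS_RE = re.compile(r"^ class (?:type inspect )?(\S+)")
ACTION_RE = re.compile(r"^  (inspect|pass|drop)\b")


def parse_class_maps(config):
    """Return {class_map_name: [match criteria]} for every inspect class-map."""
    maps, current = {}, None
    for line in config.splitlines():
        m = CLASSMAP_RE.match(line)
        if m:
            current = m.group(1)
            maps[current] = []
            continue
        if line and not line.startswith(" "):  # any other top-level command ends the block
            current = None
            continue
        m = MATCH_RE.match(line)
        if m and current:
            maps[current].append(m.group(1).strip())
    return maps


def parse_policy_maps(config):
    """Return {policy_map_name: {class_name: action or None}} for inspect policy-maps."""
    policies, pm, cls = {}, None, None
    for line in config.splitlines():
        m = POLICY_RE.match(line)
        if m:
            pm, cls = m.group(1), None
            policies[pm] = {}
            continue
        if line and not line.startswith(" "):
            pm = cls = None
            continue
        if pm is None:
            continue
        m = CLASS_RE.match(line)
        if m:
            cls = m.group(1)
            policies[pm].setdefault(cls, None)
            continue
        m = ACTION_RE.match(line)
        if m and cls:
            policies[pm][cls] = m.group(1)
    return policies


def find_uninspected_classes(config):
    """List classes whose traffic is forwarded without inspection.

    "pass" forwards packets statelessly with no protocol inspection; a class with no
    action configured is reported too so the reviewer can check it by hand. "drop" and
    "inspect" are acceptable and skipped.
    """
    class_maps = parse_class_maps(config)
    findings = []
    for pm, classes in parse_policy_maps(config).items():
        for cls, action in classes.items():
            if action in ("inspect", "drop"):
                continue
            findings.append({
                "policy_map": pm,
                "class": cls,
                "action": action or "none",
                "matches": class_maps.get(cls, []),
            })
    return findings


if __name__ == "__main__":
    for f in find_uninspected_classes(WEAK_CONFIG):
        print(f"{f['policy_map']}: class {f['class']} uses '{f['action']}' for {f['matches']}")
    print("corrected config findings:", find_uninspected_classes(FIXED_CONFIG))
```

Feed it `show running-config` output from a device that uses zone-based policy firewall; each reported class is a port or service that passes the firewall without inspection and must be changed to `inspect` (or dropped). Legacy CBAC configurations (`ip inspect name` applied alongside interface ACLs) use a different syntax and would need the ACL `permit` entries compared against the `ip inspect` protocol list instead; that case is not covered by this parser.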
Supportive Information
This control applies to the following type of system: Cisco.
References
- CAT|II
- Rule-ID|SV-15269r2_rule
- STIG-ID|NET0366
- Vuln-ID|V-14643