Details
The IDS or firewall is the first device that is under the sites control that has the possibility to alarm the local staff of an ongoing attack. An alert from either of these devices can be the first indication of an attack or system failure.
NOTE: This check requires a manual review. Determine what clipping levels / thresholds, specific alerts, and how notifications are performed and appropriate for your organizaiton.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Configure the IDS or firewall to alarm the SA of potential attacks or system failure.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system Cisco.
References
- CAT|II
- Rule-ID|SV-3176r2_rule
- STIG-ID|NET0390
- Vuln-ID|V-3176