Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.

From Trend Micro Deep Security 9.x Security Technical Implementation Guide

Part of SRG-APP-000246

Associated with: CCI-001094

SV-80423r1_rule Trend Deep Security must restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems.

Vulnerability discussion

DoS is a condition where a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. Individuals of concern can include hostile insiders or external adversaries that have successfully breached the information system and are using the system as a platform to launch cyber attacks on third parties.Applications and application developers must take the steps needed to ensure users cannot use an authorized application to launch DoS attacks against other systems and networks. For example, applications may include mechanisms that throttle network traffic so users are not able to generate unlimited network traffic via the application. Limiting system resources that are allocated to any user to a bare minimum may also reduce the ability of users to launch some DoS attacks.The methods employed to counter this risk will be dependent upon the application layer methods that can be used to exploit it.

Check content

Review the Trend Deep Security server configuration to ensure the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems is restricted. Deep Security policies for Firewall Rules can be disruptive causing a denial of service to the environment if not properly configured. It is imperative that access to the firewall rule policies be restricted to authorized personnel by enforcing least privileged within the Deep Security, “User management” settings. If role-based access controls are not enforced within the Administration >> User management >> Roles >> [Policy Name] >> Properties >> Policy Rights, this is a finding.

Fix text

Configure the Trend Deep Security server to restrict the ability of individuals to use information systems to launch organization-defined Denial of Service (DoS) attacks against other information systems. Configure the role-based access controls to prevent access to policy modifications within the Administration >> User management >> Roles >> [Policy Name] >> Properties >> Policy Rights. The “Edit” option should only be enabled to authorized users.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer