From IPSec VPN Gateway Security Technical Implementation Guide
Part of Anti-replay is not enabled for all IPSec security.
Associated with IA controls: ECSC-1
Replay attack is a type of injection attack when an IPSec packet is captured by an attacker and re-inserts it into the legitimate flow to disrupt service or create undesired behavior. IPSec anti-replay service can mitigate a replay attack by running sequence numbers for each end of the tunnel and incrementing it for each packet sent. If a packet that is received does not have the expected sequence number, it is dropped.
Review all IPSec Security Associations configured globally or within IPSec profiles on the VPN gateway and determine if anti-replay is enabled. If anti-replay is not configured, determine if the feature is enabled by default.
Enable anti-replay on all IPSec security associations either within IPSec profiles or as a global command.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer