The DataPower Gateway providing content filtering must continuously monitor inbound communications traffic crossing internal security boundaries for unusual or unauthorized activities or conditions.

From IBM DataPower ALG Security Technical Implementation Guide

Part of SRG-NET-000390-ALG-000139

Associated with: CCI-002661

SV-79779r1_rule The DataPower Gateway providing content filtering must continuously monitor inbound communications traffic crossing internal security boundaries for unusual or unauthorized activities or conditions.

Vulnerability discussion

If inbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous monitoring and incident response programs.Internal monitoring includes the observation of events occurring on the network crosses internal boundaries at managed interfaces such as web content filters. Depending on the type of ALG, organizations can monitor information systems by monitoring audit activities, application access patterns, characteristics of access, content filtering, or unauthorized exporting of information across boundaries. Unusual/unauthorized activities or conditions may include large file transfers, long-time persistent connections, unusual protocols and ports in use, and attempted communications with suspected malicious external addresses.

Check content

Verify a service, such as a MultiProtocol Gateway, by clicking the icon on the Control Panel. Click the name of the service in the list >> Set the Name and back end destination for the service. Under MultiProtocol Gateway Policy, click “...” to inspect the Policy >> Verify the Rule Direction is set to Client to Server. Double-click the existing Match Action on the rule line and verify it is set to default-accept-service providers. Double-click the Validate action >> Verify that it is set to a schema file. Double-click the AAA action to open it >> Click “...” to inspect the AAA Policy >> Follow the wizard steps to review the desired policy. When done, click cancel >> Click Cancel or Close window to close the Policy. If these items have not been configured, this is a finding.

Fix text

Create a new service, such as a MultiProtocol Gateway, by clicking the icon on the Control Panel. Click Add to create a new service >> Set the Name and back end destination for the service. Under MultiProtocol Gateway Policy, click “+” to create a new Policy >> Provide a name for the Policy >> Click New Rule >> Set the Rule Direction to Client to Server >> Double-click the existing Match Action on the rule line and select default-accept-service providers >> Drag the Validate action down onto the processing line >> Double-click the action. Upload the necessary schema definition file to the action >> Click Done. Drag the AAA action onto the processing line after the Validate action >> Double-click the action to open it >> Click “+” to create a new AAA Policy >> Follow the wizard steps to create the desired policy. When done, close the action >> Click Apply to complete the Policy. Complete the Gateway configuration by clicking Apply.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer