From Network Infrastructure Policy Security Technical Implementation Guide
Part of No deep packet inspection.
Associated with: CCI-001116
Deep packet inspection (DPI) examines the packet beyond the Layer 4 header by examining the payload to identify the application or service. DPI searches for illegal statements, predefined criteria, malformed packets, and malicious code, thereby enabling the IA appliances to make a more informed decision on whether to allow or not allow the packet through. DPI engines can delve into application centric information to allow different applications to be protected in different ways from different threats. Examples of DPI appliances include next-generation firewalls, application layer gateways as well as specific gateways for web, email and SSL traffic.
Determine which type of solution is used for deep packet inspection at the enclave boundary. Acceptable solutions for meeting this requirement are a deep packet inspection firewall, or a stateful packet inspection firewall in conjunction with any combination of application firewalls or application layer gateways. If the organization does not have any implementation of deep packet inspection protecting their network perimeter boundaries, this is a finding. Exception: If the perimeter security for the enclave or B/C/P/S is provisioned via the JRSS, then this requirement is not applicable.
Implement a deep packet inspection solution at the enclave boundaries. Verify any IA appliances used for deep packet inspection are connected, properly configured, and actively inspecting all ingress and egress network traffic.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer