If an automated scheduler is used to provide updates to the sensors, an account on the file server must be defined that will provide access to the signatures only to the sensors.

From Network Infrastructure Policy Security Technical Implementation Guide

Part of Access to signatures is not restricted

Associated with: CCI-000366

SV-20042r2_rule If an automated scheduler is used to provide updates to the sensors, an account on the file server must be defined that will provide access to the signatures only to the sensors.

Vulnerability discussion

In a large scale IDPS deployment, it is common to have an automated update process implemented. This is accomplished by having the updates downloaded on a dedicated secure file server within the management network. The file server should be configured to allow read-only access to the files within the directory on which the signature packs are placed, and then only from the account that the sensors will use. The sensors can then be configured to automatically check the secure file server periodically to look for the new signature packs and to update themselves.

Check content

Review the file server accounts and determine if the accounts with read access to the IDPS signatures are provided only to the IDPS sensors. If there are accounts other than those allocated for the IDPS sensors providing access to the signatures, this is a finding.

Fix text

Secure the signatures from access to accounts for IDS updates.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.