From Firewall Security Requirements Guide
Part of SRG-NET-000362-FW-000159
Associated with: CCI-002385
As a critical security system, perimeter firewalls must be safeguarded with redundancy measures. If the network does not provide safeguards against DoS attacks, network resources will be unavailable to users. Service redundancy techniques reduce the susceptibility of the firewall to many DoS attacks.
Since Service redundancy and load balancing can be a highly complex configuration that can be implemented using a wide variety of configurations, ask the site representative to demonstrate the method used and the configuration. If the perimeter firewall is not configured for service redundancy, load balancing, or other organization-defined safeguards to limit the effects of types of DoS attacks on the network, this is a finding.
Consult vendor configuration guides and knowledge base. Implement one or more methods of service redundancy and/or load balancing (e.g., filter-based forwarding, per-flow load balancing, per-packet load balancing, or hardware redundancy options). The implementation must be tested prior to placing into production.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer