From A10 Networks ADC ALG Security Technical Implementation Guide
Part of SRG-NET-000512-ALG-000062
Associated with: CCI-000366
If outbound communications traffic is not continuously monitored, hostile activity may not be detected and prevented. Output from application and traffic monitoring serves as input to continuous monitoring and incident response programs.
Review the device configuration and ask the device Administrator which templates are used for masking sensitive data. The following command displays the configuration and filters the output on the WAF template section: show run | sec slb template waf If there is no WAF template with the required Mask Request checks, this is a finding.
Review the system or enclave documentation and confer with the data owner(s) if necessary. If any data must be masked before it leaves the enclave (such as credit card numbers, Social Security numbers, or other sensitive information), configure the CCN Mask, SSN Mask, and PCRE Mask Request checks. These checks are applied to a WAF template. The following command replaces all but the last four digits of credit card numbers with an “x” character: ccn-mask The following command replaces all but the last four digits of US Social Security numbers with an “x” character: ssn-mask The following command cloaks patterns in a response that match the specified PCRE pattern: pcre-scrub [pcre-pattern] [keep-end [num-length] |keep-start [num-length] |mask [character]]
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer