The IDPS must perform real-time monitoring of files from external sources at network entry/exit points.

From Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide

Part of SRG-NET-000248-IDPS-00206

Associated with: CCI-001242

SV-69605r1_rule The IDPS must perform real-time monitoring of files from external sources at network entry/exit points.

Vulnerability discussion

Real-time monitoring of files from external sources at network entry/exit points helps to detect covert malicious code before it is downloaded to or executed by internal and external endpoints. Using malicious code, such as viruses, worms, Trojan horses, and spyware, an attacker may gain access to sensitive data and systems.

IDPSs innately meet this requirement for real-time scanning for malicious code when properly configured to meet the requirements of this SRG. However, most products perform communications traffic inspection at the packet level.

Check content

Verify the IDPS performs real-time monitoring of files from external sources at network entry/exit points. If the IDPS does not perform real-time monitoring of files from external sources at network entry/exit points, this is a finding.

Fix text

Configure the IDPS to perform real-time monitoring of files from external sources at network entry/exit points.
