The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

From F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide

Part of SRG-NET-000061-ALG-000009

Associated with: CCI-000067

SV-74701r1_rule The BIG-IP Core implementation must be configured to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

Vulnerability discussion

Automated monitoring of remote access traffic allows organizations to detect cyber attacks and also ensure ongoing compliance with remote access policies by inspecting connection activities of remote access capabilities.A remote access policy establishes and documents usage restrictions, configuration/connection requirements, and implementation guidance for each type of remote access allowed prior to allowing connections to the information systems.Remote access methods include both unencrypted and encrypted traffic (e.g., web portals, web content filter, TLS, and webmail). With inbound TLS inspection, the traffic must be inspected prior to being allowed on the enclave's web servers hosting TLS or HTTPS applications. With outbound traffic inspection, traffic must be inspected prior to being forwarded to destinations outside of the enclave, such as external email traffic.

Check content

If the BIG-IP Core does not serve as an intermediary for remote access traffic (e.g., web content filter, TLS, and webmail) for virtual servers, this is not applicable. When intermediary services for remote access communications traffic are provided, verify the BIG-IP Core is configured as follows: Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to inspect traffic or forward to a monitoring device for inspection prior to forwarding to inbound destinations. Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab. Select Virtual Servers(s) from the list to verify. Navigate to the Security >> Policies tab. Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to monitor inbound traffic for remote access policy compliance when accepting remote access connections to virtual servers. If the BIG-IP Core is not configured to monitor inbound traffic for compliance with remote access security policies, this is a finding.

Fix text

If intermediary services for remote access communications traffic are provided, configure the BIG-IP Core as follows: Configure a policy in the BIG-IP ASM module to monitor inbound traffic for remote access policy compliance. Apply policy to the applicable Virtual Server(s) in the BIG-IP LTM module to monitor inbound traffic for remote access policy compliance when accepting connections to virtual servers.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer