STIGQter: STIG Summary: SEL-2740S L2S Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019: STIGQter: STIG Summary: SEL-2740S L2S Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:SV-102365r1_rule
V-92277
SRG-NET-000512-L2S-000028
SELS-SW-000280
CAT II
10
Configure point-to-point ARP flow rules between every device that must communicate.
To add ARP flow rules on all packet forwarding, do the following:
1. Log on to OTSDN Controller using Permission Level 3.
2. Click "Flow Entries" in Navigation Menu.
3. Click "Add Flow" button.
4. Enter General setting values for "Switch", "Enable". Optional: Enter General Settings for "Table ID", "Priority", "Idle Timeout", and "Hard Timeout".
5. Depending on communication protocol behavior, enter appropriate Match Field values for "ARP Opcode" ("Request" or "Reply"), "ARP Source", "ARP Target", "Communication Service Type (CST) Match", "Ethernet Destination", "Ethernet Source", "Ethernet Type", "InPort", "IP Proto", "IPv4 Destination", "IPv4 Source", "TCP Destination", "TCP Source", "UDP Destination", "UDP Source", "VLAN Priority", and/or "VLAN Virtually ID".
6. Enter appropriate Write-Actions for "Pop VLAN ID", "Push VLAN ID", "Set VLAN ID", "Set VLAN Priority", "Set Queue", "Group by Alias or Value", and/or "Output by Alias or Value".
7. Click "Submit".
Review SEL-2740S ARP flow rules between hosts and ensure they are necessary for the additional flow rules that exist for communications between hosts.
Note: Necessary flows are all ARPs between valid and authorized hosts that should be allowed to talk to each other and the physical path those circuits are allowed to talk.
If the SEL-2740S is configured with wildcard packet forwarding flows that are not for Security Information and Event Manager (SIEM) or unnecessary rules, this is a finding.
V-92277
False
SELS-SW-000280
Review SEL-2740S ARP flow rules between hosts and ensure they are necessary for the additional flow rules that exist for communications between hosts.
Note: Necessary flows are all ARPs between valid and authorized hosts that should be allowed to talk to each other and the physical path those circuits are allowed to talk.
If the SEL-2740S is configured with wildcard packet forwarding flows that are not for Security Information and Event Manager (SIEM) or unnecessary rules, this is a finding.
M
3385