STIGQter: STIG Summary: SEL-2740S L2S Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 02 May 2019:

The SEL-2740S must be configured to packet capture flows.

DISA Rule

SV-102405r1_rule

Vulnerability Number

V-92317

Group Title

SRG-NET-000331-L2S-000001

Rule Version

SELS-SW-000070

Severity

CAT II

CCI(s)

• CCI-001919 - The information system provides the capability for authorized users to select a user session to capture/record or view/hear.

Weight

10

Fix Recommendation

Add specific SEL-2740S flow rules for capturing a copy of packets for user sessions use OpenFlow ALL Groups.

To add an SEL-2740S Group, do the following:
1. Log on to OTSDN Controller using Permission Level 3.
2. Under "Group Entry" General Settings, select "Group ID" and "Group Type".
3. Select appropriate number of Action Buckets dependent upon use case.
4. Determine valid watch port or group, and select supported actions.
5. Click "Submit".

Check Contents

Review the SEL-2740S flow rules to ensure they only include the specific copy rules for capturing ingress and egress flows only on the designated port(s).

Note: A span port can be created to capture based on Flows, ports, or combination.

If the SEL-2740S is configured with flows with wildcard or unnecessary packet forwarding rules, this is a finding.

Vulnerability Number

V-92317

Documentable

False

Rule Version

SELS-SW-000070

Severity Override Guidance

Review the SEL-2740S flow rules to ensure they only include the specific copy rules for capturing ingress and egress flows only on the designated port(s).

Note: A span port can be created to capture based on Flows, ports, or combination.

If the SEL-2740S is configured with flows with wildcard or unnecessary packet forwarding rules, this is a finding.

Check Content Reference

M

Target Key

3385

Comments