STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

DISA Rule

SV-104183r1_rule

Vulnerability Number

V-94229

Group Title

SRG-NET-000019-ALG-000018

Rule Version

SYMP-AG-000070

Severity

CAT I

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Configure ProxySG to restrict access to suspicious or harmful web traffic. Destination security policy must be configured to filter based on destination, headers, geolocation, protocol characteristics, and other available security objects.

1. Log on to the web Management Console.
2. Click Configuration >> Content Filtering.
3. Under "General," ensure that at least one "Provider" is enabled.
4. Click Configuration >> Visual Policy Manager.
5. Click "Launch". While in the Visual Policy Manager, click into each Web Access and SSL Access Layer.
6. Within each layer above, right-click the "Destination" fields of each rule, click "set", and specify URL categories and/or threat risk levels that should be blocked per the organization's security policy.
7. Click File >> Install Policy on SG Appliance.

Check Contents

Verify that ProxySG inspects web traffic for suspicious or harmful traffic. Verify the destination security policy is configured to filter based on destination, headers, geolocation, protocol characteristics, and other available security objects.

1. Log on to the Web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch". While in the Visual Policy Manager, click in to each Web Access and SSL Access Layer.
4. Within each layer above, review each rule and verify that the "Destination" fields are not set to "Any" and that they contain URL categories and/or threat risk levels that should be blocked per the organization's security policy.

If Symantec ProxySG does not restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic, this is a finding.

Vulnerability Number

V-94229

Documentable

False

Rule Version

SYMP-AG-000070

Severity Override Guidance

Verify that ProxySG inspects web traffic for suspicious or harmful traffic. Verify the destination security policy is configured to filter based on destination, headers, geolocation, protocol characteristics, and other available security objects.

1. Log on to the Web Management Console.
2. Click Configuration >> Visual Policy Manager.
3. Click "Launch". While in the Visual Policy Manager, click in to each Web Access and SSL Access Layer.
4. Within each layer above, review each rule and verify that the "Destination" fields are not set to "Any" and that they contain URL categories and/or threat risk levels that should be blocked per the organization's security policy.

If Symantec ProxySG does not restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic, this is a finding.

Check Content Reference

M

Target Key

3515

Comments