STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG must use a centralized log server.

DISA Rule

SV-104211r1_rule

Vulnerability Number

V-94257

Group Title

SRG-NET-000334-ALG-000050

Rule Version

SYMP-AG-000210

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Configure audit log off-loading.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Configure the "Upload Client" and "Upload Schedule" capabilities. (All client types use TCP for communication to the site's event server.)

Check Contents

Determine whether audit log off-loading is configured.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Client" and Verify that a "Client type" is specified. All client types use TCP for communication to the target server (FTP/S, HTTP/S, Kafka, etc.).

If Symantec ProxySG does not use a centralized log server, this is a finding.

Vulnerability Number

V-94257

Documentable

False

Rule Version

SYMP-AG-000210

Severity Override Guidance

Determine whether audit log off-loading is configured.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Click "Upload Client" and Verify that a "Client type" is specified. All client types use TCP for communication to the target server (FTP/S, HTTP/S, Kafka, etc.).

If Symantec ProxySG does not use a centralized log server, this is a finding.

Check Content Reference

M

Target Key

3515

Comments