STIGQter STIGQter: STIG Summary: Symantec ProxySG ALG Security Technical Implementation Guide Version: 1 Release: 3 Benchmark Date: 24 Apr 2020:

Symantec ProxySG providing intermediary services for HTTP must inspect outbound HTTP traffic for protocol compliance and protocol anomalies.

DISA Rule

SV-104223r1_rule

Vulnerability Number

V-94269

Group Title

SRG-NET-000512-ALG-000066

Rule Version

SYMP-AG-000270

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the ProxySG to perform inbound and outbound HTTP traffic protocol compliance inspection/enforcement.

Fix 1 (This is an uncommon configuration. If it is found, it has been very deliberately done by the Proxy administrator and cannot/should not be removed without consultation with/advice from the administrator.)
1. Browse to Configuration >> Policy >> Policy Files and click the button to view the installed policy.
2. Using "<Ctrl>-F", perform a search for the exact terms "detect_protocol(no)".
3. If this phrase appears in the policy, work with the ProxySG administrator to determine why this was configured, whether it can be disabled and if so, how to disable it.

Fix 2
1. Browse to Configuration >> Services >> Proxy Services and select each HTTP proxy service to be reviewed and click "Edit Service".
2. Select the "Detect Protocol" checkbox and click "OK".
3. Once all services have been modified, click "Apply".

Check Contents

Check 1 (This is an uncommon configuration. If it is found, it has been deliberately done by the Proxy administrator and cannot/should not be removed without consultation with/advice from the administrator.)
1. Browse to Configuration >> Policy >> Policy Files and click the button to view the installed policy.
2. Using "<Ctrl>-F", perform a search for the exact terms "detect_protocol(no)".

If this phrase appears in the policy file, this is a finding.

Discuss with the ProxySG administrator to determine why this was configured and whether an exception must be approved.

Check 2
1. Browse to Configuration >> Services >> Proxy Services, select each HTTP proxy service to be reviewed, and click "Edit Service".
2. Verify that the "Detect Protocol" checkbox is selected.

If Symantec ProxySG providing intermediary services for HTTP does not inspect inbound HTTP traffic for protocol compliance and protocol anomalies, this is a finding.

Vulnerability Number

V-94269

Documentable

False

Rule Version

SYMP-AG-000270

Severity Override Guidance

Check 1 (This is an uncommon configuration. If it is found, it has been deliberately done by the Proxy administrator and cannot/should not be removed without consultation with/advice from the administrator.)
1. Browse to Configuration >> Policy >> Policy Files and click the button to view the installed policy.
2. Using "<Ctrl>-F", perform a search for the exact terms "detect_protocol(no)".

If this phrase appears in the policy file, this is a finding.

Discuss with the ProxySG administrator to determine why this was configured and whether an exception must be approved.

Check 2
1. Browse to Configuration >> Services >> Proxy Services, select each HTTP proxy service to be reviewed, and click "Edit Service".
2. Verify that the "Detect Protocol" checkbox is selected.

If Symantec ProxySG providing intermediary services for HTTP does not inspect inbound HTTP traffic for protocol compliance and protocol anomalies, this is a finding.

Check Content Reference

M

Target Key

3515

Comments