STIGQter: STIG Summary: Symantec ProxySG NDM Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jan 2020:

Symantec ProxySG must enable Attack Detection.

DISA Rule

SV-104305r2_rule

Vulnerability Number

V-94413

Group Title

SRG-APP-000435-NDM-000315

Rule Version

SYMP-NM-000320

Severity

CAT I

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Enable the Attack Detection function for the default settings or fine tune needed by site environment.

1. SSH into the ProxySG console, type "enable".
2. Enter the correct password, type "configure terminal".
3. Press "Enter", and then type "attack-detection".
4. Type "client" and press "Enter", type "enable-limits" and press "Enter".

See "Chapter 73: Preventing Denial of Service Attacks" in the ProxySG Administration Guide to understand the functionality before proceeding. Fine tune the default client limits if there is an operational impact.

Check Contents

Verify Attack Detection is enabled.

1. SSH into the ProxySG console, type "enable".
2. Enter the correct password, type "configure terminal".
3. Press "Enter", type "show attack-detection configuration".
4. Confirm that "client limits enabled" equals "true".

If Attack Detection is not enabled, this is a finding.

Vulnerability Number

V-94413

Documentable

False

Rule Version

SYMP-NM-000320

Severity Override Guidance

Verify Attack Detection is enabled.

1. SSH into the ProxySG console, type "enable".
2. Enter the correct password, type "configure terminal".
3. Press "Enter", type "show attack-detection configuration".
4. Confirm that "client limits enabled" equals "true".

If Attack Detection is not enabled, this is a finding.

Check Content Reference

M

Target Key

3517

Comments