STIGQter STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The BIG-IP Core implementation must be configured to implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks to virtual servers.

DISA Rule

SV-215791r557356_rule

Vulnerability Number

V-215791

Group Title

SRG-NET-000362-ALG-000120

Rule Version

F5BI-LT-000217

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure the BIG-IP Core to implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks.

Navigate to the BIG-IP System manager >> System >> Configuration >> Local Traffic >> General.

Make the following configurations under "Properties".

Set "Reaper High-water Mark" to 95.

Set "Reaper Low-water Mark" to 85.

Check Contents

Verify the BIG-IP Core implements load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks.

Navigate to the BIG-IP System manager >> System >> Configuration >> Local Traffic >> General.

Verify "Reaper High-water Mark" is set to 95 and "Reaper Low-water Mark" is set to 85.

If the device does not implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks, this is a finding.

Vulnerability Number

V-215791

Documentable

False

Rule Version

F5BI-LT-000217

Severity Override Guidance

Verify the BIG-IP Core implements load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks.

Navigate to the BIG-IP System manager >> System >> Configuration >> Local Traffic >> General.

Verify "Reaper High-water Mark" is set to 95 and "Reaper Low-water Mark" is set to 85.

If the device does not implement load balancing to limit the effects of known and unknown types of Denial of Service (DoS) attacks, this is a finding.

Check Content Reference

M

Target Key

4019

Comments