STIGQter STIGQter: STIG Summary: Tanium 7.3 Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

Firewall rules must be configured on the Tanium Endpoints for Client-to-Server communications.

DISA Rule

SV-234038r612749_rule

Vulnerability Number

V-234038

Group Title

SRG-APP-000142

Rule Version

TANS-CL-000004

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure host-based and network firewall rules as required.

Check Contents

Note: This check is performed for the Tanium Endpoints and must be validated against the HBSS desktop firewall policy applied to the Endpoints.

Consult with the HBSS administration for assistance.

Validate a rule exists within the HBSS HIPS firewall policies for managed clients for the following:

Port Needed: Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding.

Consult with the network firewall administrator and validate rules exist for the following:

Allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network.

If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.

Vulnerability Number

V-234038

Documentable

False

Rule Version

TANS-CL-000004

Severity Override Guidance

Note: This check is performed for the Tanium Endpoints and must be validated against the HBSS desktop firewall policy applied to the Endpoints.

Consult with the HBSS administration for assistance.

Validate a rule exists within the HBSS HIPS firewall policies for managed clients for the following:

Port Needed: Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding.

Consult with the network firewall administrator and validate rules exist for the following:

Allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network.

If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.

Check Content Reference

M

Target Key

5259

Comments