STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway must have ICMP responses disabled on all interfaces facing untrusted networks.

DISA Rule

SV-79731r1_rule

Vulnerability Number

V-65241

Group Title

SRG-NET-000273-ALG-000129

Rule Version

WSDP-AG-000061

Severity

CAT II

CCI(s)

• CCI-001312 - The information system generates error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

Weight

10

Fix Recommendation

In the DataPower web interface, navigate to Ethernet interface >> Network settings >> Internet Control Message Protocol (ICMP) Disable. Set the Administrative State to "Disable".

Check Contents

View each interface that is connected to a network that is less trusted or untrusted. In the DataPower web interface, navigate to Ethernet interface >> Network settings >> Internet Control Message Protocol (ICMP) Disable.

If the Administrative State is not "Disable", this is a finding.

Vulnerability Number

V-65241

Documentable

False

Rule Version

WSDP-AG-000061

Severity Override Guidance

View each interface that is connected to a network that is less trusted or untrusted. In the DataPower web interface, navigate to Ethernet interface >> Network settings >> Internet Control Message Protocol (ICMP) Disable.

If the Administrative State is not "Disable", this is a finding.

Check Content Reference

M

Target Key

2859

Comments