STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway providing content filtering must protect against known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds).

DISA Rule

SV-79761r1_rule

Vulnerability Number

V-65271

Group Title

SRG-NET-000362-ALG-000112

Rule Version

WSDP-AG-000099

Severity

CAT I

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Type “Message Count Monitor” in nav search. Create a new monitor with the desired limits. When configuring any service, activate the count monitor.

Check Contents

Type “Message Count Monitor” in nav search. Verify that Count Monitor exists. Check configuration of any active service to see that count monitor is in effect.

If no monitor is configured for each active service, this is a finding.

Vulnerability Number

V-65271

Documentable

False

Rule Version

WSDP-AG-000099

Severity Override Guidance

Type “Message Count Monitor” in nav search. Verify that Count Monitor exists. Check configuration of any active service to see that count monitor is in effect.

If no monitor is configured for each active service, this is a finding.

Check Content Reference

M

Target Key

2859

Comments