STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway must not use 0.0.0.0 as a listening IP address for any service.

DISA Rule

SV-79807r1_rule

Vulnerability Number

V-65317

Group Title

SRG-NET-000364-ALG-000122

Rule Version

WSDP-AG-000151

Severity

CAT II

CCI(s)

CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

Fix Recommendation

Log on to each active domain.

Click Objects >> Protocol Handlers >> HTTP Front Side Handlers.

Click on the name of any Handler listed that uses the IP Address of 0.0.0.0.

Change the IP Address >> Click Apply.

Click Objects >> Protocol Handlers >> HTTPS Front Side Handlers.

Click on the name of any Handler listed that uses the IP Address of 0.0.0.0.

Change the IP Address >> Click Apply >> Click Save Configuration.

Check Contents

Go to Default domain.

Click Status >> Main >> Active Services >> Click Show All Domains.

Review IP addresses assigned to active services. If any list 0.0.0.0, this is a finding.

Vulnerability Number

V-65317

Documentable

False

Rule Version

WSDP-AG-000151

Severity Override Guidance

Go to Default domain.

Click Status >> Main >> Active Services >> Click Show All Domains.

Review IP addresses assigned to active services. If any list 0.0.0.0, this is a finding.

Check Content Reference

Target Key

2859

The DataPower Gateway must not use 0.0.0.0 as a listening IP address for any service.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments