STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016

Trend Deep Security detection application must detect network services that have not been authorized or approved by the organization-defined authorization or approval processes.

DISA Rule

SV-80485r1_rule

Vulnerability Number

V-65995

Group Title

SRG-APP-000463

Rule Version

TMDS-00-000330

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to detect network services that have not been authorized or approved by the organization-defined authorization or approval processes.

To configure Deep Security to detect unauthorized services through the Intrusion Detection module, go to Policies >> Intrusion Prevention >> Select New >> New Intrusion Prevention Rule

- Under Details >> Application type >> Select “New”
- Enter the Name of the network service
- Choose the appropriate direction
- Select the appropriate protocol
- Choose the applicable ports

Check Contents

Review the Trend Deep Security server configuration to ensure network services that have not been authorized or approved by the organization-defined authorization or approval processes are detected.

Review the Intrusion Detection policy for approved ports, protocols and services associated with a defined group or a selected computer:

- Select “Computers” on the top menu bar.
- Choose the appropriate group and, within the main page, select a computer for review.
- Double-click the selected computer and click “Intrusion Detection”.
- Verify the following settings are enabled:
  - Configuration is set to On.
  - Intrusion Prevention Behavior is set to Prevent or Detect; review local security policy for the appropriate setting.
  - Assigned Intrusion Prevention Rules: review local security policy for the appropriate setting.

If the Assigned Intrusion Prevention Rules do not match the locally defined policy, this is a finding.

Documentable

False

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure network services that have not been authorized or approved by the organization-defined authorization or approval processes are detected.

Review the Intrusion Detection policy for approved ports, protocols and services associated with a defined group or a selected computer:

- Select “Computers” on the top menu bar.
- Choose the appropriate group and, within the main page, select a computer for review.
- Double-click the selected computer and click “Intrusion Detection”.
- Verify the following settings are enabled:
  - Configuration is set to On.
  - Intrusion Prevention Behavior is set to Prevent or Detect; review local security policy for the appropriate setting.
  - Assigned Intrusion Prevention Rules: review local security policy for the appropriate setting.

If the Assigned Intrusion Prevention Rules do not match the locally defined policy, this is a finding.

Check Content Reference

M

Target Key

2955

Comments