STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide
Version: 1 Release: 2 Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must enforce approved authorizations by restricting or blocking the flow of harmful or suspicious communications traffic within the network as defined in the PPSM CAL and vulnerability assessments.

DISA Rule

SV-80873r1_rule

Vulnerability Number

V-66383

Group Title

SRG-NET-000018-IDPS-00018

Rule Version

JUSX-IP-000002

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Specify an active IDP policy prior to enabling IDP within a security policy. To configure the active IDP policy, execute the following command in configuration mode:

[edit]
set security idp active-policy <policy name>

Configure Security Policies for IDP inspection. Once the IDP policy is configured, IDP must be enabled on a security policy in order for IDP inspection to be performed. IDP inspection will only be performed on the traffic matching the security policies where IDP is enabled.

To enable IDP on a security policy, enter the following command:

[edit]
set security policies from-zone <FROM ZONE NAME> to-zone <TO ZONE NAME> policy <POLICY NAME> then permit application-services idp

Check Contents

Review the list of authorized Junos applications, endpoints, services, and protocols that are installed on the PPSM CAL.

Use the following command to show the IDP-specific policies:

[edit]
show security idp

Next, use the show security policies command to display a summary of all the security policies.

[edit]
show security policies

Note: Also inspect the organization's central events log server (e.g., syslog server) for Deny events that match the restrictions in the PPSM CAL.

If security policies do not exist to block or restrict communications traffic that is identified as harmful or suspicious by the PPSM and vulnerability assessment, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3037
