STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must restrict or block harmful or suspicious communications traffic between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

DISA Rule

SV-80875r1_rule

Vulnerability Number

V-66385

Group Title

SRG-NET-000019-IDPS-00019

Rule Version

JUSX-IP-000003

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Specify an active IDP policy (one already defined under [edit security idp idp-policy <policy name>]) before enabling IDP within a security policy. To configure the active IDP policy, execute the following command in configuration mode:

[edit]
set security idp active-policy <policy name>

Configure security policies for IDP inspection. Once the active IDP policy is set, IDP must be enabled on each security policy whose traffic should be inspected; IDP inspection is performed only on traffic matching a security policy where IDP is enabled, and traffic matching any other security policy is not inspected at all.

To enable IDP on a security policy, enter the following command:

[edit]
set security policies from-zone <FROM ZONE NAME> to-zone <TO ZONE NAME> policy <POLICY NAME> then permit application-services idp

Check Contents

Verify custom rules exist to drop packets or terminate sessions upon detection of malicious code.

[edit]
show security idp policy

View the action configured for each rule in the rulebases of the active IDP policy, and view the security policies (from-zone/to-zone) that enable IDP with the application-services idp option.

If rulebases in active policies are configured with a No-Action or Ignore action (the Junos keywords are no-action and ignore-connection) when harmful or suspicious content is detected by signatures, rules, or policies, this is a finding.
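The following audit script is an added example and is not part of the STIG or of any Juniper tool. It ties the Fix Recommendation and the Check Contents together: the constructed SAMPLE_CONFIG is the `show configuration security | display set` form of the fix (an idp-policy with a blocking rulebase-ips rule, the active-policy statement, and a security policy with application-services idp), deliberately seeded with one rule in the active policy that uses no-action and one permit policy without IDP. The parser and audit logic are assumptions written for this page: they read the `display set` output rather than the `show security idp policy` command given in the check, and they treat a rule with no `then action` as non-blocking.

```python
"""Audit Junos SRX 'display set' output for the JUSX-IP-000003 conditions.

Added example for this STIG page; not Juniper or DISA code. Assumes the
configuration was captured with 'show configuration security | display set'.
"""
import shlex

# Actions that drop packets or terminate sessions (satisfy the check).
BLOCKING_ACTIONS = {"drop-packet", "drop-connection", "close-client",
                    "close-server", "close-client-and-server"}
# Actions that only observe, mark or queue traffic (a finding in the active policy).
NON_BLOCKING_ACTIONS = {"no-action", "ignore-connection", "mark-diffserv", "class-of-service"}

# Constructed sample: the fix from the page plus two deliberate weaknesses.
SAMPLE_CONFIG = """\
set security idp idp-policy STIG-IDP rulebase-ips rule block-critical match from-zone any
set security idp idp-policy STIG-IDP rulebase-ips rule block-critical match to-zone any
set security idp idp-policy STIG-IDP rulebase-ips rule block-critical match attacks predefined-attack-groups "Critical - All"
set security idp idp-policy STIG-IDP rulebase-ips rule block-critical then action drop-connection
set security idp idp-policy STIG-IDP rulebase-ips rule block-critical then notification log-attacks
set security idp idp-policy STIG-IDP rulebase-ips rule watch-only match attacks predefined-attack-groups "Major - All"
set security idp idp-policy STIG-IDP rulebase-ips rule watch-only then action no-action
set security idp idp-policy LAB-IDP rulebase-ips rule lab then action ignore-connection
set security idp active-policy STIG-IDP
set security policies from-zone untrust to-zone trust policy allow-web match application junos-http
set security policies from-zone untrust to-zone trust policy allow-web then permit application-services idp
set security policies from-zone untrust to-zone trust policy allow-ssh match application junos-ssh
set security policies from-zone untrust to-zone trust policy allow-ssh then permit
"""


def parse_set_config(text):
    """Extract the active policy, rulebase-ips rule actions and permit policies."""
    active_policy = None
    rules = {}          # (idp-policy, rule) -> action keyword, or None if absent
    sec_policies = {}   # (from-zone, to-zone, policy) -> {"permit": bool, "idp": bool}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("set "):
            continue
        t = shlex.split(line)  # handles quoted names such as "Critical - All"
        if t[1:4] == ["security", "idp", "active-policy"] and len(t) == 5:
            active_policy = t[4]
        elif (t[1:4] == ["security", "idp", "idp-policy"] and len(t) >= 8
              and t[5] == "rulebase-ips" and t[6] == "rule"):
            key = (t[4], t[7])
            rules.setdefault(key, None)
            if t[8:10] == ["then", "action"] and len(t) >= 11:
                rules[key] = t[10]
        elif (t[1:4] == ["security", "policies", "from-zone"] and len(t) >= 9
              and t[5] == "to-zone" and t[7] == "policy"):
            entry = sec_policies.setdefault((t[4], t[6], t[8]), {"permit": False, "idp": False})
            rest = t[9:]
            if rest[:2] == ["then", "permit"]:
                entry["permit"] = True
                if rest[2:4] == ["application-services", "idp"]:
                    entry["idp"] = True
    return {"active_policy": active_policy, "rules": rules, "security_policies": sec_policies}


def audit(text):
    """Return FINDING/REVIEW/INFO lines. Only the active policy's rules count as findings."""
    cfg = parse_set_config(text)
    active = cfg["active_policy"]
    findings = []
    if active is None:
        findings.append("FINDING: no 'security idp active-policy' configured; IDP cannot inspect traffic")
    active_rules = {k: v for k, v in cfg["rules"].items() if k[0] == active}
    if active is not None and not active_rules:
        findings.append(f"FINDING: active policy {active} has no rulebase-ips rules")
    for (pol, rule), action in sorted(active_rules.items()):
        if action is None:  # assumption: a rule with no 'then action' does not block
            findings.append(f"FINDING: {pol} rule {rule} has no 'then action' (treated as non-blocking)")
        elif action in NON_BLOCKING_ACTIONS:
            findings.append(f"FINDING: {pol} rule {rule} action {action} neither drops packets nor terminates sessions")
        elif action == "recommended":
            findings.append(f"REVIEW: {pol} rule {rule} uses 'recommended'; confirm the signatures' recommended actions block")
        elif action not in BLOCKING_ACTIONS:
            findings.append(f"REVIEW: {pol} rule {rule} has unrecognised action {action}")
    for (fz, tz, name), e in sorted(cfg["security_policies"].items()):
        if e["permit"] and not e["idp"]:
            findings.append(f"INFO: policy {fz}->{tz} {name} permits traffic without application-services idp; not inspected")
    return findings


def is_compliant(text):
    """True when no FINDING lines are produced (REVIEW/INFO still deserve a look)."""
    return not any(f.startswith("FINDING") for f in audit(text))


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG):
        print(line)
```

Run against the sample, the script reports the watch-only rule (no-action in the active policy) as a finding and the allow-ssh policy as uninspected traffic, while the ignore-connection rule in LAB-IDP produces nothing because that policy is not active, mirroring the check's "rulebases in active policies" wording. Changing watch-only to drop-connection clears the finding.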

Severity Override Guidance

Check Content Reference

M

Target Key

3037

Comments