STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that anomaly-based attack objects are applied to outbound communications traffic.

DISA Rule

SV-80891r1_rule

Vulnerability Number

V-66401

Group Title

SRG-NET-000192-IDPS-00140

Rule Version

JUSX-IP-000007

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a protocol anomaly-based attack object:

Specify a name for the attack.
[edit]
edit security idp custom-attack anomaly1

Specify common properties for the attack.
[edit security idp custom-attack anomaly1]
set severity info
set time-binding scope peer count 2

Specify the attack type and test condition.
[edit security idp custom-attack anomaly1]
set attack-type anomaly test OPTIONS_UNSUPPORTED

Specify other properties for the anomaly attack.
[edit security idp custom-attack anomaly1]
set attack-type anomaly service TCP
set attack-type anomaly direction any
set attack-type anomaly shellcode sparc

Check Contents

From operational mode, enter the following command to verify that the anomaly-based attack object was created.

show idp security policies

If anomaly-based attack objects are not created, bound to a zone, and active, this is a finding.
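
One way to run this check offline against configuration exported in set format, as an added example that is not part of the STIG. It assumes "bound to a zone" means a security policy for the outbound zone pair that enables IDP, and "active" means the referencing idp-policy is the active or default policy; the policy, rule and zone names in the sample are constructed.

```python
import re

# Constructed sample in "show configuration | display set" form.
# Policy, rule and zone names are assumptions; anomaly1 is the object from the fix text.
SAMPLE_CONFIG = """\
set security idp custom-attack anomaly1 severity info
set security idp custom-attack anomaly1 attack-type anomaly test OPTIONS_UNSUPPORTED
set security idp custom-attack anomaly1 attack-type anomaly service TCP
set security idp custom-attack anomaly1 attack-type anomaly direction any
set security idp idp-policy outbound-idp rulebase-ips rule r1 match attacks custom-attacks anomaly1
set security idp active-policy outbound-idp
set security policies from-zone trust to-zone untrust policy out-any then permit application-services idp
"""

PATTERNS = {
    "object": r"set security idp custom-attack (\S+) attack-type anomaly test \S+$",
    "ref": r"set security idp idp-policy (\S+) rulebase-ips rule \S+ match attacks custom-attacks (\S+)$",
    "active": r"set security idp (?:active-policy|default-policy) (\S+)$",
    "zones": r"set security policies from-zone (\S+) to-zone (\S+) policy \S+ then permit application-services idp$",
}

def audit_anomaly_objects(config_text, outbound_pair=("trust", "untrust")):
    """Map each anomaly attack object to the list of conditions it fails (empty = compliant)."""
    hits = {key: [] for key in PATTERNS}
    for line in map(str.strip, config_text.splitlines()):
        for key, pattern in PATTERNS.items():
            if m := re.match(pattern, line):
                hits[key].append(m.groups())
    active = {name for (name,) in hits["active"]}
    zone_bound = outbound_pair in hits["zones"]  # outbound_pair is an assumed zone naming
    results = {}
    for (name,) in hits["object"]:
        policies = {pol for pol, attack in hits["ref"] if attack == name}
        failed = []
        if not policies:
            failed.append("not referenced by an idp-policy rule")
        elif not policies & active:
            failed.append("referencing idp-policy is not active")
        if not zone_bound:
            failed.append("no security policy enables idp for the outbound zone pair")
        results[name] = failed
    return results

def is_finding(config_text, outbound_pair=("trust", "untrust")):
    """True when no anomaly object exists or any object fails a condition."""
    results = audit_anomaly_objects(config_text, outbound_pair)
    return not results or any(results.values())
```

Attack objects referenced only through custom attack groups, and security policies that name an IDP policy per rule, are not covered by these patterns and would need their own cases.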

Vulnerability Number

V-66401

Documentable

False

Rule Version

JUSX-IP-000007

Severity Override Guidance

From operational mode, enter the following command to verify that the anomaly-based attack object was created.

show idp security policies

If anomaly-based attack objects are not created, bound to a zone, and active, this is a finding.

Check Content Reference

M

Target Key

3037

Comments