STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing anomaly-based detection.

DISA Rule

SV-80911r2_rule

Vulnerability Number

V-66421

Group Title

SRG-NET-000362-IDPS-00197

Rule Version

JUSX-IP-000018

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create a protocol anomaly-based attack object:

Specify a name for the attack.
[edit]
edit security idp custom-attack anomaly1

Specify common properties for the attack.
[edit security idp custom-attack anomaly1]
set severity info
set time-binding scope peer count 2

Specify the attack type and test condition.
[edit security idp custom-attack anomaly1]
set attack-type anomaly test OPTIONS_UNSUPPORTED

Specify other properties for the anomaly attack.
[edit security idp custom-attack anomaly1]
set attack-type anomaly service TCP
set attack-type anomaly direction any
set attack-type anomaly shellcode sparc

Check Contents

Verify that the anomaly-based attack object was created.

[edit]
show idp security policies

If anomaly-based attack objects are not created, bound to a zone, and active, this is a finding.
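
One way to automate the three conditions in this check (created, bound to a zone, active), as an added example that is not part of the STIG text. It assumes the configuration was exported in set format, that the attack object is referenced from an idp-policy rulebase-ips rule, and that the policy is activated with the active-policy statement; the policy name, rule name and zone names in the sample are constructed.

```python
# Constructed sample of `show configuration security idp | display set` output.
# The idp-policy and active-policy lines are assumptions, not from the STIG text.
SAMPLE = """\
set security idp idp-policy base-policy rulebase-ips rule R1 match from-zone untrust
set security idp idp-policy base-policy rulebase-ips rule R1 match to-zone trust
set security idp idp-policy base-policy rulebase-ips rule R1 match attacks custom-attacks anomaly1
set security idp active-policy base-policy
set security idp custom-attack anomaly1 severity info
set security idp custom-attack anomaly1 attack-type anomaly test OPTIONS_UNSUPPORTED
set security idp custom-attack anomaly1 attack-type anomaly service TCP
set security idp custom-attack anomaly1 attack-type anomaly direction any
"""

def audit(set_config):
    """Return a list of findings; an empty list means the check passes."""
    anomalies, active, rules = set(), set(), {}
    for line in set_config.splitlines():
        t = line.split()
        if t[:3] != ["set", "security", "idp"]:
            continue
        t = t[3:]
        if t[:1] == ["custom-attack"] and t[2:4] == ["attack-type", "anomaly"]:
            anomalies.add(t[1])                      # anomaly-type attack object
        elif t[:1] == ["active-policy"] and len(t) == 2:
            active.add(t[1])                         # policy loaded for inspection
        elif t[:1] == ["idp-policy"] and t[2:4] == ["rulebase-ips", "rule"] \
                and t[5:6] == ["match"] and len(t) > 7:
            rule = rules.setdefault((t[1], t[4]), {"attacks": set(), "zoned": False})
            if t[6:8] == ["attacks", "custom-attacks"]:
                rule["attacks"].update(a for a in t[8:] if a not in ("[", "]"))
            elif t[6] in ("from-zone", "to-zone") and t[7] != "any":
                rule["zoned"] = True                 # rule names a specific zone
    findings = [] if anomalies else ["no anomaly-based attack object is defined"]
    for name in sorted(anomalies):
        refs = [(pol, r) for (pol, _), r in rules.items() if name in r["attacks"]]
        if not refs:
            findings.append(f"{name}: not referenced by any idp-policy rule")
            continue
        if not any(r["zoned"] for _, r in refs):
            findings.append(f"{name}: no referencing rule is bound to a zone")
        if not any(pol in active for pol, _ in refs):
            findings.append(f"{name}: no referencing policy is active")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "PASS")
```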

Documentable

False

Check Content Reference

M

Target Key

3037
