STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide, Version: 1, Release: 2, Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points.

DISA Rule

SV-80923r1_rule

Vulnerability Number

V-66433

Group Title

SRG-NET-000248-IDPS-00206

Rule Version

JUSX-IP-000027

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a dynamic custom attack group which includes attack objects for malicious code monitoring of files. There are many ways to accomplish this; thus, the following is only an example:

[edit]
security idp dynamic-attack-group Malicious-Activity
set category values [ SHELLCODE VIRUS WORMS SPYWARE TROJAN ]

Check Contents

Verify a dynamic custom attack group which includes attack objects for malicious code monitoring of files.

show security idp dynamic-attack-group

If a custom attack group exists containing members which include malicious code attack categories, this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3037
