STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must drop packets or disconnect the connection when malicious code is detected.

DISA Rule

SV-80925r1_rule

Vulnerability Number

V-66435

Group Title

SRG-NET-000249-IDPS-00176

Rule Version

JUSX-IP-000028

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This requirement can be met with a custom rule in an IDP policy, or with a drop action on the zone configuration to which the policy is applied. The following is an example of a command that can be added to the IDP policy; in this example the policy is named Malicious-Activity and the rule is named R1.

[edit]
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 then action drop-connection
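
A single then action statement is not a complete rule: a Junos IDP rule also needs match criteria, including at least one attack or attack group, and the policy must be activated and referenced from a security policy before any traffic is inspected. The following is an added worked example, not part of the STIG text, that builds the Malicious-Activity policy and rule R1 end to end. The zone names trust and untrust, the security policy name allow-out, and the predefined attack group name "Critical - All" are assumptions for illustration; the attack group names available depend on the installed signature database.

```junos
[edit]
# Match criteria for rule R1 (zones, addresses and application are assumed values)
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match from-zone any
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match source-address any
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match to-zone any
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match destination-address any
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match application default
# Attack group name is an assumption; it must exist in the installed signature database
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 match attacks predefined-attack-groups "Critical - All"
# Action required by this STIG rule: terminate the session, and log the event
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 then action drop-connection
set security idp idp-policy Malicious-Activity rulebase-ips rule R1 then notification log-attacks
# Make the policy the active IDP policy
set security idp active-policy Malicious-Activity
# Security policy (assumed name allow-out) that sends matching flows to IDP
set security policies from-zone trust to-zone untrust policy allow-out match source-address any
set security policies from-zone trust to-zone untrust policy allow-out match destination-address any
set security policies from-zone trust to-zone untrust policy allow-out match application any
set security policies from-zone trust to-zone untrust policy allow-out then permit application-services idp
# Review the rule action before committing
show security idp idp-policy Malicious-Activity rulebase-ips rule R1 then
commit check
```

The drop-connection action tears down the whole session rather than only the offending packet, which is the behaviour a reviewer should expect to see for rules that detect malicious code. On Junos releases that reference the IDP policy directly from the security policy (then permit application-services idp-policy policy-name) the active-policy statement is not used; check the release documentation for the platform under review.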

Check Contents

Verify custom rules exist to drop packets or terminate sessions upon detection of malicious code.

[edit]
show security idp idp-policy

View the then action configured on each rule in the rulebases of the IDP policies.

If the rulebases of IDP policies that detect malicious code are not configured with an action of drop-packet, drop-connection, or another form of session termination (for example, close-client-and-server), this is a finding.

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3037

Comments