STIGQter: STIG Summary: Tanium 7.0 Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 27 July 2018:

Firewall rules must be configured on the Tanium Server for Client-to-Server communications.

DISA Rule

SV-93387r1_rule

Vulnerability Number

V-78681

Group Title

SRG-APP-000142

Rule Version

TANS-SV-000017

Severity

CAT II

CCI(s)

• CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

10

Fix Recommendation

Configure host-based and network firewall rules as required, to include Tanium Clients or Zone Clients over TCP port 17472, bi-directionally allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network.

Check Contents

Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Server.

Access the host-based firewall configuration on the Tanium Server.

Validate rules exist, as required, to include:
Between Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding.

Consult with the network firewall administrator and validate rules exist for the following:
Allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network.

If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.

Vulnerability Number

V-78681

Documentable

False

Rule Version

TANS-SV-000017

Severity Override Guidance

Consult with the Tanium System Administrator to verify which firewall is being used as a host-based firewall on the Tanium Server.

Access the host-based firewall configuration on the Tanium Server.

Validate rules exist, as required, to include:
Between Tanium Clients or Zone Clients over TCP port 17472, bi-directionally.

If a host-based firewall rule does not exist to allow TCP port 17472, bi-directionally, this is a finding.

Consult with the network firewall administrator and validate rules exist for the following:
Allow TCP traffic on port 17472 from any computer to be managed on a local area network to any other computer to be managed on the same local area network.

If a network firewall rule does not exist to allow TCP port 17472 from any managed computer to any other managed computer on the same local area network, this is a finding.

Check Content Reference

M

Target Key

3215

Comments