The firewall implementation must protect server VLAN(s) using a deny-by-default security posture.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000018-FW-000206 | SRG-NET-000018-FW-000206 | SRG-NET-000018-FW-000206_rule | Medium |
| Description |
|---|
| Without proper access control of traffic entering or leaving the server VLAN, potential threats, such as a denial of service, data corruption, or theft could occur, resulting in the inability to complete mission requirements by authorized users. Protecting data sitting in a server VLAN is necessary and can be accomplished using access control lists on VLANs provisioned for servers. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2014-07-07 |
Details
| Check Text ( C-SRG-NET-000018-FW-000206_chk ) |
|---|
| Review the device configuration to validate an ACL or rule set with a deny-by-default security posture has been implemented to protect the server VLAN. |
| Fix Text (F-SRG-NET-000018-FW-000206_fix) |
|---|
| Configure an ACL or rule set to protect the server VLAN interface. The ACL or rule set must be in a deny-by-default security posture. |