The firewall implementation must protect against TCP SYN floods.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000362-FW-000230 | SRG-NET-000362-FW-000230 | SRG-NET-000362-FW-000230_rule | Medium |
| Description |
|---|
| Denial of Service is a condition when a resource is not available for legitimate users. A SYN-flood attack is a denial-of-service attack where the attacker sends a huge amount of please-start-a-connection packets and then nothing else. This causes the device being attacked to be overloaded with the open sessions and eventually crash. |
| STIG | Date |
|---|---|
| Firewall Security Requirements Guide | 2014-07-07 |
Details
| Check Text ( C-SRG-NET-000362-FW-000230_chk ) |
|---|
| Review the configuration of the firewall implementation. If measures have been configured to negate or mitigate the effects of a SYN flood attack, this is not a finding. If the site has implemented SYN flood protection for the enclave using the premise router, then there is no additional requirement to implement this on the firewall. |
| Fix Text (F-SRG-NET-000362-FW-000230_fix) |
|---|
| Configure measures to negate or mitigate the effects of a SYN flood attack. |