
Tunnel entry and exit points must be in a deny-by-default security posture.


Overview

Finding ID: V-18648
Version: NET-TUNL-007
Rule ID: SV-20240r2_rule
IA Controls: ECSC-1
Severity: Medium
Description
Having tunnels in a permit any any posture allows traffic to enter and exit the enclave without control from the Information Assurance team or SA.
STIG: Perimeter Router Security Technical Implementation Guide
Date: 2018-11-28

Details

Check Text (C-22367r1_chk)
Follow the procedures defined in NET-TUNL-002 to determine all tunnel entry and exit points, then ensure each endpoint is in a deny-by-default posture inbound and outbound.
Fix Text (F-19293r1_fix)
Apply a deny-by-default posture on every tunnel endpoint.
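
The check above can be partly automated against a saved router configuration. The following is an added example, not part of the STIG: it assumes Cisco IOS-style syntax (the STIG names no platform), and the sample configuration, ACL names and function names are constructed for illustration.

```python
import re
# Constructed sample, Cisco IOS-style syntax (an assumption; the STIG names no platform).
SAMPLE_CONFIG = """\
interface Tunnel0
 ip access-group TUN-FILTER in
 ip access-group TUN-FILTER out
interface Tunnel1
 ip access-group TUN-FILTER in
interface Tunnel2
 ip access-group OPEN in
 ip access-group MISSING out
ip access-list extended TUN-FILTER
 permit tcp 10.1.0.0 0.0.255.255 host 10.2.0.5 eq 443
 deny ip any any log
ip access-list extended OPEN
 permit ip any any
"""
PERMIT_ANY = re.compile(r"permit (?:ip any any|any)\b")

def parse_sections(config):
    """Map each top-level config line to the list of its indented child lines."""
    sections, current = {}, None
    for line in config.splitlines():
        if line[:1].isspace() and current is not None:
            current.append(line.strip())
        elif line.strip() and not line.startswith("!"):
            current = sections.setdefault(line.strip(), [])
    return sections

def audit_tunnels(config):
    """Return (tunnel, direction, reason) for each direction that is not deny-by-default."""
    sections = parse_sections(config)
    acls = {h.split()[-1]: b for h, b in sections.items() if h.startswith("ip access-list ")}
    tunnels = {h.split()[1]: b for h, b in sections.items() if re.match(r"interface Tunnel\d", h)}
    findings = []
    for tunnel, body in tunnels.items():
        # Each "ip access-group <name> <in|out>" line becomes direction -> ACL name.
        applied = {l.split()[3]: l.split()[2] for l in body if l.startswith("ip access-group ")}
        for direction in ("in", "out"):
            name = applied.get(direction)
            if name is None:
                reason = "no ACL applied"
            elif name not in acls:
                reason = f"ACL {name} is not defined"
            elif any(PERMIT_ANY.match(entry) for entry in acls[name]):
                reason = f"ACL {name} permits any any"
            else:
                continue
            findings.append((tunnel, direction, reason))
    return findings
```

On IOS, an interface direction with no ACL, or one that references an undefined ACL, passes all traffic, which is why both cases are reported alongside an explicit permit any any.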