SV-20062r1_rule
V-18523
ACLs do not protect against compromised servers
NET-SRVFRM-004
CAT II
10
Review the filter and ensure access from other server segments is denied unless necessary for application operation. The intent of the policy should be to protect servers from a server that has been compromised by an intruder.
Review the firewall protecting the server farm. Vlan configurations should have a filter that secures the servers located on the vlan segment. Identify the source ip addresses that have access to the servers and verify the privilege intended with the SA. The filter should be in a deny by default posture.
If the filter is not defined on the firewall and the architecture contains a layer 3 switch between the firewall and the server, than review the VLAN definition on the L3 switch.
V-18523
False
NET-SRVFRM-004
Review the firewall protecting the server farm. Vlan configurations should have a filter that secures the servers located on the vlan segment. Identify the source ip addresses that have access to the servers and verify the privilege intended with the SA. The filter should be in a deny by default posture.
If the filter is not defined on the firewall and the architecture contains a layer 3 switch between the firewall and the server, than review the VLAN definition on the L3 switch.
M
Information Assurance Officer
513