STIGQter: STIG Summary: Firewall Security Requirements Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The firewall implementation must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.

DISA Rule

SV-206693r604133_rule

Vulnerability Number

V-206693

Group Title

SRG-NET-000193

Rule Version

SRG-NET-000193-FW-000030

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure a stateless firewall filter to set rate limits based on the destination of the packets. Apply the stateless firewall filter to all inbound interfaces.

Check Contents

Use the "show" command to verify that all inbound interfaces have a stateless firewall filter to set rate limits based on a destination.

If the firewall does not have a stateless firewall filter that sets rate limits based on a destination, this is a finding.

Documentable

False

Severity Override Guidance

Use the "show" command to verify that all inbound interfaces have a stateless firewall filter to set rate limits based on a destination.

If the firewall does not have a stateless firewall filter that sets rate limits based on a destination, this is a finding.

Check Content Reference

M

Target Key

2912
