STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: F5 BIG-IP Local Traffic Manager 11.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-215773r557356_rule
V-215773
SRG-NET-000318-ALG-000014
F5BI-LT-000157
CAT II
10
If the BIG-IP Core performs content filtering as part of the traffic management functionality, configure the BIG-IP Core as follows:
Configure a policy in the BIG-IP ASM module to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
Apply ASM policy to the applicable Virtual Server(s) in BIG-IP LTM module to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields when providing content filtering to virtual servers.
If the BIG-IP Core does not perform content filtering as part of the traffic management functionality for virtual servers, this is not applicable.
When content filtering is performed as part of the traffic management functionality, verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields when providing content filtering to virtual servers.
If the BIG-IP Core is not configured to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields, this is a finding.
V-215773
False
F5BI-LT-000157
If the BIG-IP Core does not perform content filtering as part of the traffic management functionality for virtual servers, this is not applicable.
When content filtering is performed as part of the traffic management functionality, verify the BIG-IP Core is configured as follows:
Verify Virtual Server(s) in the BIG-IP LTM module are configured with an ASM policy to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields.
Navigate to the BIG-IP System manager >> Local Traffic >> Virtual Servers >> Virtual Servers List tab.
Select Virtual Servers(s) from the list to verify.
Navigate to the Security >> Policies tab.
Verify that "Application Security Policy" is Enabled and "Policy" is set to use an ASM policy to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields when providing content filtering to virtual servers.
If the BIG-IP Core is not configured to prevent code injection attacks from being launched against data storage objects, including, at a minimum, databases, database records, queries, and fields, this is a finding.
M
4019