STIGQter: STIG Summary: IBM DataPower ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Jan 2016:

The DataPower Gateway providing content filtering must protect against known types of Denial of Service (DoS) attacks by employing signatures.

DISA Rule

SV-79765r1_rule

Vulnerability Number

V-65275

Group Title

SRG-NET-000362-ALG-000126

Rule Version

WSDP-AG-000101

Severity

CAT II

CCI(s)

CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

Fix Recommendation

XML DoS
Single message attacks: Jumbo Payload, Recursion, Mega Tags, Coercive parsing, Public key; Multiple message: XML flood, Resource hijack. WebGUI Services >> XML Firewall >> Edit XML Firewall XML, Threat Protection tab.

AAA DoS
Protection against DoS flooding attacks. WebGUI Objects >> XML Processing >> AAA Policy, Main tab.

PKCS #7
Document DoS signature-limit protection. WebGUI Objects >> XML Processing >> Processing Action, select Crypto Binary action type.

Service level monitor (SLM) policy. WebGUI Objects >> Monitoring >> SLM Policy.

The DataPower Gateway providing content filtering must protect against known types of Denial of Service (DoS) attacks by employing signatures.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments