STIGQter: STIG Summary: Trend Micro Deep Security 9.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 26 Feb 2016:

Trend Deep Security must continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions.

DISA Rule

SV-80489r1_rule

Vulnerability Number

V-65999

Group Title

SRG-APP-000469

Rule Version

TMDS-00-000340

Severity

CAT II

CCI(s)

• CCI-002661 - The information system monitors inbound communications traffic per organization-defined frequency for unusual or unauthorized activities or conditions.

Weight

10

Fix Recommendation

Configure the Trend Deep Security server to continuously monitor inbound communications traffic for unusual or unauthorized activities or conditions.

To enable Intrusion Prevent within Deep Security, go to “Computers”, on the top menu bar.

- Choose the appropriate group and within the main page and select a computer for review.
- Double click the selected computer and click Intrusion Prevention.
- Enable the following settings:
- Configuration: Set to Inherit or On (according to local security policies)
- Verify “State:” is listing “Activated”
- Assign the appropriate policies under the Assigned Intrusion Prevention Rules.

Check Contents

Review the Trend Deep Security server configuration to ensure inbound communications traffic is continuously monitored for unusual or unauthorized activities or conditions.

Verify the state of the Intrusion Prevent policies:

- Select “Computers” on the top menu bar
- Choose the appropriate group and within the main page and select a computer for review.
- Double click the selected computer and click “Intrusion Prevention”
- Verify the following settings are enabled:
- Configuration: is set to Inherit or On
- “State:” is listing “Activated”
- Policies are defined under the Assigned Intrusion Prevention Rules.

If any of these settings are not configured, this is a finding

Vulnerability Number

V-65999

Documentable

False

Rule Version

TMDS-00-000340

Severity Override Guidance

Review the Trend Deep Security server configuration to ensure inbound communications traffic is continuously monitored for unusual or unauthorized activities or conditions.

Verify the state of the Intrusion Prevent policies:

- Select “Computers” on the top menu bar
- Choose the appropriate group and within the main page and select a computer for review.
- Double click the selected computer and click “Intrusion Prevention”
- Verify the following settings are enabled:
- Configuration: is set to Inherit or On
- “State:” is listing “Activated”
- Policies are defined under the Assigned Intrusion Prevention Rules.

If any of these settings are not configured, this is a finding

Check Content Reference

M

Target Key

2955

Comments