STIGQter STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017: The Juniper Networks SRX Series Gateway IDPS must restrict or block harmful or suspicious communications traffic between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic.

DISA Rule

SV-80875r1_rule

Vulnerability Number

V-66385

Group Title

SRG-NET-000019-IDPS-00019

Rule Version

JUSX-IP-000003

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Specify an active IDP policy prior to enabling IDP within a security policy. To configure the active IDP policy, execute the following command in configuration mode:

[edit]
set security idp active-policy <policy name>

Configure Security Policies for IDP inspection. Once the IDP policy is configured, IDP must be enabled on a security policy in order for IDP inspection to be performed. IDP inspection will only be performed on the traffic matching the security policies where IDP is enabled.

To enable IDP on a security policy, enter the following command:

[edit]
set security policies from-zone <FROM ZONE NAME> to-zone <TO ZONE NAME> policy <POLICY NAME> then permit application-services idp

Check Contents

Verify custom rules exist to drop packets or terminate sessions upon detection of malicious code.

[edit]
show security idp policy

View the rulebase action option for the IDP policies. View the action options of the zone configurations with the IDP option.

If rulebases in active policies are configured for No-Action or Ignore when harmful or suspicious content is detected by signatures, rules, or policies, this is a finding.

Vulnerability Number

V-66385

Documentable

False

Rule Version

JUSX-IP-000003

Severity Override Guidance

Verify custom rules exist to drop packets or terminate sessions upon detection of malicious code.

[edit]
show security idp policy

View the rulebase action option for the IDP policies. View the action options of the zone configurations with the IDP option.

If rulebases in active policies are configured for No-Action or Ignore when harmful or suspicious content is detected by signatures, rules, or policies, this is a finding.

Check Content Reference

M

Target Key

3037

Comments