STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide, Version 1, Release 2, Benchmark Date: 28 Jul 2017

The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that rules are applied to outbound communications traffic.

DISA Rule

SV-80885r1_rule

Vulnerability Number

V-66395

Group Title

SRG-NET-000192-IDPS-00140

Rule Version

JUSX-IP-000005

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To enable IDP services on outbound traffic, first create a security policy for the outbound direction (from the trusted zone to the untrusted zone) that matches the traffic to be inspected, then set the action for matching traffic to permit with IDP application services attached. Repeat for every outbound zone pair, including zones used for VPN tunnels. The IDP policy itself must already be defined and activated under [edit security idp]; that configuration is outside this rule's fix text.

[edit security policies from-zone <trusted-zone-name> to-zone <untrusted-zone-name> policy <idp-app-policy-name>]
set match source-address any destination-address any application any

[edit security policies from-zone <trusted-zone-name> to-zone <untrusted-zone-name> policy <idp-app-policy-name>]
set then permit application-services idp

Check Contents

Determine the names of the IDP policies by asking the site representative. From operational mode, enter the following command to verify outbound zones are configured with an IDP policy.

show security policies

If zones bound to the outbound interfaces, including VPN zones, are not configured with an IDP policy, this is a finding.
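The fix above attaches IDP to a single outbound policy and the check verifies the result zone pair by zone pair. The following Python script, added here as a worked example and not part of the STIG or of STIGQter, automates that check over configuration exported with `show configuration security policies | display set`, which is easier to parse than the operational-mode `show security policies` output the check cites. The zone names (trust, untrust, vpn), policy names and the embedded sample configuration are constructed for this example. It places the weak `allow-web` policy beside the corrected `idp-app-policy-1` form, treats VPN zones as outbound as the check requires, reports both the per-policy gaps and the zone pairs with no IDP policy at all, and emits the set commands from the Fix Recommendation for each gap.

```python
"""Audit helper for JUSX-IP-000005: find outbound Junos security policies that
permit traffic without IDP application services attached.

Input is the text of `show configuration security policies | display set`.
All zone names, policy names and the sample configuration below are
constructed for this example and do not come from a real device.
"""
import re
from collections import defaultdict

# Constructed sample: a weak policy (allow-web), the corrected form from the
# Fix Recommendation (idp-app-policy-1), an uninspected VPN zone pair, and an
# inbound pair that the outbound check must ignore.
SAMPLE_CONFIG = """\
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web match destination-address any
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy idp-app-policy-1 match source-address any
set security policies from-zone trust to-zone untrust policy idp-app-policy-1 match destination-address any
set security policies from-zone trust to-zone untrust policy idp-app-policy-1 match application any
set security policies from-zone trust to-zone untrust policy idp-app-policy-1 then permit application-services idp
set security policies from-zone trust to-zone vpn policy to-vpn match source-address any
set security policies from-zone trust to-zone vpn policy to-vpn match destination-address any
set security policies from-zone trust to-zone vpn policy to-vpn match application any
set security policies from-zone trust to-zone vpn policy to-vpn then permit
set security policies from-zone untrust to-zone trust policy block-in match source-address any
set security policies from-zone untrust to-zone trust policy block-in match destination-address any
set security policies from-zone untrust to-zone trust policy block-in match application any
set security policies from-zone untrust to-zone trust policy block-in then deny
"""

POLICY_RE = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (.+)$"
)


def parse_policies(config_text):
    """Map (from_zone, to_zone) -> {policy_name: {"action": str|None, "idp": bool}}."""
    policies = defaultdict(dict)
    for line in config_text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        frm, to, name, rest = m.groups()
        entry = policies[(frm, to)].setdefault(name, {"action": None, "idp": False})
        tokens = rest.split()
        if len(tokens) < 2 or tokens[0] != "then":
            continue  # match clauses do not affect this check
        entry["action"] = tokens[1]  # permit, deny or reject
        # Older Junos attaches IDP with 'application-services idp'; newer
        # releases use 'application-services idp-policy <name>'. Accept both.
        if "application-services" in tokens:
            i = tokens.index("application-services")
            if i + 1 < len(tokens) and tokens[i + 1] in ("idp", "idp-policy"):
                entry["idp"] = True
    return policies


def permit_policies_without_idp(config_text, trusted_zones, outbound_zones):
    """Per-policy view: permit rules on outbound zone pairs that skip IDP.

    Stricter than the zone-level wording of the check, but a permit rule
    without IDP is exactly the path by which uninspected traffic leaves.
    """
    findings = []
    for (frm, to), pols in parse_policies(config_text).items():
        if frm not in trusted_zones or to not in outbound_zones:
            continue
        for name, entry in sorted(pols.items()):
            if entry["action"] == "permit" and not entry["idp"]:
                findings.append((frm, to, name))
    return findings


def zone_pairs_without_idp(config_text, trusted_zones, outbound_zones):
    """Zone-level view matching the check text: outbound zone pairs (VPN zones
    included) that have no IDP-enabled policy at all."""
    pairs = []
    for (frm, to), pols in parse_policies(config_text).items():
        if frm in trusted_zones and to in outbound_zones:
            if not any(e["idp"] for e in pols.values()):
                pairs.append((frm, to))
    return pairs


def remediation_commands(findings):
    """Set commands that attach IDP to each flagged policy, as in the Fix Recommendation."""
    return [
        f"set security policies from-zone {frm} to-zone {to} policy {name} "
        "then permit application-services idp"
        for frm, to, name in findings
    ]


if __name__ == "__main__":
    trusted, outbound = {"trust"}, {"untrust", "vpn"}
    gaps = permit_policies_without_idp(SAMPLE_CONFIG, trusted, outbound)
    for gap in gaps:
        print("FINDING: permit without IDP:", gap)
    for pair in zone_pairs_without_idp(SAMPLE_CONFIG, trusted, outbound):
        print("FINDING: no IDP policy on outbound zone pair:", pair)
    print("Remediation:")
    for cmd in remediation_commands(gaps):
        print(" ", cmd)
```

The trusted and outbound zone sets are supplied by the auditor, since the configuration alone does not say which zones sit on outbound interfaces; that mirrors the check's instruction to confirm the IDP policy names and zone roles with the site representative. A zone pair that appears in neither view is not inspected by this script at all, so an outbound zone pair with no policies configured still needs a manual look.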

Vulnerability Number

V-66395

Documentable

False

Rule Version

JUSX-IP-000005

Severity Override Guidance

Check Content Reference

M

Target Key

3037

Comments