STIGQter STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017: The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions.

DISA Rule

SV-80921r1_rule

Vulnerability Number

V-66431

Group Title

SRG-NET-000251-IDPS-00178

Rule Version

JUSX-IP-000026

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The following example configures automatic updates of the IDP signature database:

Specify the URL to use.

[edit]
set security idp security-package url <DoD repository>

Create a schedule for the automatic downloads.

set security idp security-package automatic interval <interval>
set security idp security-package automatic enable

Also, recommend a local log be created to track when automated updates are performed for troubleshooting purposes.

set system syslog file IDP_OPERATIONS any any match IDP_SCHEDULE

Check Contents

Verify automatic updates are configured.

[edit]
show security idp

If updates are not automatically installed, this is a finding.

Vulnerability Number

V-66431

Documentable

False

Rule Version

JUSX-IP-000026

Severity Override Guidance

Verify automatic updates are configured.

[edit]
show security idp

If updates are not automatically installed, this is a finding.

Check Content Reference

M

Target Key

3037

Comments