STIGQter: STIG Summary: Juniper SRX SG IDPS Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 28 Jul 2017:

The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions.

DISA Rule

SV-80921r1_rule

Vulnerability Number

V-66431

Group Title

SRG-NET-000251-IDPS-00178

Rule Version

JUSX-IP-000026

Severity

CAT II

CCI(s)

CCI-001247 - The information system automatically updates malicious code protection mechanisms.

Weight

Fix Recommendation

The following example configures automatic updates of the IDP signature database:

Specify the URL to use.

[edit]
set security idp security-package url <DoD repository>

Create a schedule for the automatic downloads.

set security idp security-package automatic interval <interval>
set security idp security-package automatic enable

Also, recommend a local log be created to track when automated updates are performed for troubleshooting purposes.

set system syslog file IDP_OPERATIONS any any match IDP_SCHEDULE

Check Contents

Verify automatic updates are configured.

[edit]
show security idp

If updates are not automatically installed, this is a finding.

Vulnerability Number

V-66431

Documentable

False

Rule Version

JUSX-IP-000026

Severity Override Guidance

Verify automatic updates are configured.

[edit]
show security idp

If updates are not automatically installed, this is a finding.

Check Content Reference

Target Key

3037

The Juniper Networks SRX Series Gateway IDPS must automatically install updates to signature definitions.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments