STIGQter STIGQter: STIG Summary: Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 12 Sep 2017: Kona Site Defender must immediately use updates made to policy enforcement mechanisms to block traffic from organizationally defined IP addresses (i.e., IP blacklist).

DISA Rule

SV-91093r1_rule

Vulnerability Number

V-76397

Group Title

SRG-NET-000019-ALG-000019

Rule Version

AKSD-WF-000004

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Kona Site Defender to block traffic for organizationally defined IP addresses:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" sections, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed, click the "Edit" button, and enable the "Network Layer Controls" box.
8. Select the "IP Controls" tab and add the blocked IP addresses.
9. Select the "Network Lists" tab and add/select the blocked network lists.
10. Click the "Save" button and the "Next" button and follow the prompts to complete the process.

Check Contents

Confirm Kona Site Defender is configured to block traffic for organizationally defined IP addresses:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Network Layer Controls" checkbox is enabled.
9. Within the "Network Layer Controls Configuration" section, verify the organizationally defined IP address appear in the "Blocked IPs" area, and the applicable predefined network lists appear in the "Blocked IP Network Lists" area.

If the Network Layer Controls are not enabled and the organizationally defined IP addresses/network lists do not appear in the lists area, this is a finding.

Vulnerability Number

V-76397

Documentable

False

Rule Version

AKSD-WF-000004

Severity Override Guidance

Confirm Kona Site Defender is configured to block traffic for organizationally defined IP addresses:

1. Log in to the Akamai Luna Portal (https://control.akamai.com).
2. Click the "Configure" tab.
3. Under the "Security" section, select "Security Configuration".
4. If prompted for which product to use, select "Site Defender" and then "Continue".
5. Under the "Security Configurations" section, click on the most recent version under the "Production" column for the security configuration being reviewed.
6. The detailed "Security Configuration" page will load listing the protected host names and applicable policies.
7. Select the policy being reviewed.
8. Verify the "Network Layer Controls" checkbox is enabled.
9. Within the "Network Layer Controls Configuration" section, verify the organizationally defined IP address appear in the "Blocked IPs" area, and the applicable predefined network lists appear in the "Blocked IP Network Lists" area.

If the Network Layer Controls are not enabled and the organizationally defined IP addresses/network lists do not appear in the lists area, this is a finding.

Check Content Reference

M

Target Key

3165

Comments