3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces

Information

Anti-Spoofing is a technique used to identify and drop packets that have a false source IP address. In Detect mode, Anti-Spoofing only monitors spoofing events, while Prevent mode drops the spoofed packets.

Rationale:

Hackers change a packet's source IP address so that the packet looks like it comes from a trusted source. If your network is not protected against IP spoofing, hackers can exploit this weakness to gain access to the network.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

For all managed gateways, enable Anti-Spoofing, set the Anti-Spoofing action to Prevent, and set the tracking to Log.

SmartConsole > Gateways & Servers > select managed Gateway > Network Management > Select each interface > General > Modify
- Check Perform Anti-Spoofing based on interface topology
- Set the Anti-Spoofing action to Prevent
- Set the Spoof Tracking to Log
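
Because Nessus does not perform this check, the review has to be done by hand or scripted. The following Python sketch is an added example, not part of the benchmark or of Check Point's tooling: it audits a constructed JSON export of one gateway's interfaces against the three settings above. The field names (`anti-spoofing`, `anti-spoofing-settings`, `action`, `spoof-tracking`) and the gateway name are assumptions about the export format; adjust them to match your own data.

```python
import json

# Constructed sample: interface settings for one gateway, shaped like a
# management-side export. Field names are assumptions, not taken from the page.
SAMPLE_GATEWAY = json.loads("""
{
  "name": "gw-example",
  "interfaces": [
    {"name": "eth0", "anti-spoofing": true,
     "anti-spoofing-settings": {"action": "prevent", "spoof-tracking": "log"}},
    {"name": "eth1", "anti-spoofing": true,
     "anti-spoofing-settings": {"action": "detect", "spoof-tracking": "log"}},
    {"name": "eth2", "anti-spoofing": false},
    {"name": "eth3", "anti-spoofing": true,
     "anti-spoofing-settings": {"action": "prevent", "spoof-tracking": "none"}}
  ]
}
""")


def audit_interface(iface):
    """Return the list of deviations from the benchmark for one interface."""
    if iface.get("anti-spoofing") is not True:
        # Action and tracking are irrelevant while the feature is off.
        return ["anti-spoofing disabled"]
    findings = []
    settings = iface.get("anti-spoofing-settings") or {}
    action = str(settings.get("action", "")).lower()
    tracking = str(settings.get("spoof-tracking", "")).lower()
    if action != "prevent":
        findings.append(f"action is '{action or 'unset'}', expected 'prevent'")
    if tracking != "log":
        findings.append(f"tracking is '{tracking or 'unset'}', expected 'log'")
    return findings


def audit_gateway(gateway):
    """Map interface name -> findings, for non-compliant interfaces only."""
    report = {}
    for iface in gateway.get("interfaces", []):
        findings = audit_interface(iface)
        if findings:
            report[iface.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_gateway(SAMPLE_GATEWAY).items():
        print(f"{SAMPLE_GATEWAY['name']}/{name}: " + "; ".join(findings))
```

An empty report means every listed interface has Anti-Spoofing enabled with action Prevent and tracking Log; a missing settings block is reported as unset rather than assumed compliant.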

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|CM-2, 800-53|SI-4, CSCv7|11.1, CSCv7|12.2

Plugin: CheckPoint

Control ID: 80b79c79fe6f9caca8855c71bd49dd113cac7bb3a7a232cf4c5d75992675d9a9