3.6 Ensure no Allow Rule with Any in Source field present in the Firewall Rules

Information

Firewall rules with Any in the Destination field allow access to all IP addresses of the network from the Sources specified in those rules, for the services configured in them.

Rationale:

Ideally, traffic should be explicitly allowed from a specific Source to a specific Destination for the required services. This provides better control over the traffic that passes through the firewall and reduces the chances of an exploit caused by service misconfiguration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Delete from the firewall any rule that has Any in the Destination field.
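Because this item is not checked automatically, the rulebase has to be reviewed by hand or by script. The following is an added example, not part of the benchmark or the audit file: it scans an exported rulebase for enabled Accept rules with Any in the Source or Destination field (the title names Source, the description names Destination, so both are checked). The JSON layout, including the `objects-dictionary` lookup and the `source-negate` / `destination-negate` keys, is an assumption modelled on the Check Point management API `show access-rulebase` output; the sample data is constructed.

```python
import json

# Constructed sample, shaped like "show access-rulebase" output from the
# Check Point management API at standard details level (assumption).
SAMPLE = json.loads("""
{"objects-dictionary": [
  {"uid": "u-any", "name": "Any"}, {"uid": "u-accept", "name": "Accept"},
  {"uid": "u-drop", "name": "Drop"}, {"uid": "u-web", "name": "web-srv"},
  {"uid": "u-lan", "name": "lan-net"}
 ],
 "rulebase": [
  {"type": "access-section", "name": "Inbound", "rulebase": [
   {"type": "access-rule", "rule-number": 1, "name": "web in", "enabled": true,
    "source": ["u-any"], "destination": ["u-web"], "action": "u-accept"},
   {"type": "access-rule", "rule-number": 2, "name": "old test", "enabled": false,
    "source": ["u-any"], "destination": ["u-any"], "action": "u-accept"}
  ]},
  {"type": "access-rule", "rule-number": 3, "name": "lan out", "enabled": true,
   "source": ["u-lan"], "destination": ["u-any"], "action": "u-accept"},
  {"type": "access-rule", "rule-number": 4, "name": "cleanup", "enabled": true,
   "source": ["u-any"], "destination": ["u-any"], "action": "u-drop"}
 ]}
""")

def find_any_allow_rules(export, fields=("source", "destination")):
    """Return (rule-number, name, field) for enabled Accept rules with Any."""
    names = {o["uid"]: o["name"] for o in export.get("objects-dictionary", [])}
    def resolve(ref):  # objects appear inline (dict) or as a uid string
        return ref["name"] if isinstance(ref, dict) else names.get(ref, ref)
    findings = []
    def walk(items):
        for item in items:
            if item.get("type") == "access-section":
                walk(item.get("rulebase", []))  # sections nest their rules
                continue
            if not item.get("enabled", True) or resolve(item.get("action")) != "Accept":
                continue  # disabled and non-Accept rules are out of scope
            for field in fields:
                if item.get(f"{field}-negate"):
                    continue  # negated cell: Any here does not mean everything
                if "Any" in {resolve(r) for r in item.get(field, [])}:
                    findings.append((item.get("rule-number"), item.get("name"), field))

    walk(export.get("rulebase", []))
    return findings

if __name__ == "__main__":
    for number, name, field in find_any_allow_rules(SAMPLE):
        print(f"rule {number} ({name}): Any in {field}")
```

Disabled rules and Drop rules such as the cleanup rule are skipped, so only rules that actually permit traffic are reported for review.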

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: CheckPoint

Control ID: 77e20f203e8db34a7436fbc120c42efc458946b82cd69bddade0913b54ba22f5