NET1020 - Interface ACL deny statements are not logged

Information

The network device must log all access control lists (ACL) deny statements.

Auditing and logging are key components of any security architecture. It is essential for security personnel to know what is being done, attempted to be done, and by whom in order to compile an accurate risk assessment. Auditing the actions on network devices provides a means to recreate an attack, or identify a configuration mistake on the device.

NOTE: Nessus returned all access-list statements that are configured with 'deny'. You will still need to manually review the list of deny statements to ensure all of them are set to log.

Solution

Configure interface ACLs to log all deny statements.

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Perimeter_Router_L3_Switch_V8R32_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7, CAT|III, Rule-ID|SV-3000r4_rule, STIG-ID|NET1020, Vuln-ID|V-3000

Plugin: Cisco

Control ID: eb854f3ae72a7116f8da48fafafc946f8d6acd94e4e5d95572cf664cfc74a82f