JUSX-IP-000027 - The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points.

Information

Real-time monitoring of files from external sources at network entry/exit points helps to detect covert malicious code before it is downloaded to or executed by internal and external endpoints. Using malicious code, such as viruses, worms, Trojan horses, and spyware, an attacker may gain access to sensitive data and systems.

IDPSs innately meet this requirement for real-time scanning for malicious code when properly configured to meet the requirements of this STIG. However, most products perform communications traffic inspection at the packet level.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure a dynamic custom attack group which includes attack objects for malicious code monitoring of files. There are many ways to accomplish this; thus, the following is only an example:

[edit]
set security idp dynamic-attack-group Malicious-Activity filters category values [ SHELLCODE VIRUS WORMS SPYWARE TROJAN ]
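The dynamic attack group above only becomes effective once an IDP policy references it and that IDP policy is bound to the security policies that carry traffic across the entry/exit points. The following is an added, complete configuration illustrating that chain; it is not part of the STIG or of Juniper documentation. The zone names trust/untrust, the policy and rule names (Malicious-Code-Monitor, Scan-External-Files, Inbound-Inspected, Outbound-Inspected) are assumptions for illustration, and the per-security-policy IDP binding (then permit application-services idp-policy ...) assumes a Junos release that supports it (older releases use a single active IDP policy instead).

```junos
[edit]
set security idp dynamic-attack-group Malicious-Activity filters category values [ SHELLCODE VIRUS WORMS SPYWARE TROJAN ]
set security idp idp-policy Malicious-Code-Monitor rulebase-ips rule Scan-External-Files match from-zone any to-zone any
set security idp idp-policy Malicious-Code-Monitor rulebase-ips rule Scan-External-Files match source-address any destination-address any application default
set security idp idp-policy Malicious-Code-Monitor rulebase-ips rule Scan-External-Files match attacks dynamic-attack-groups Malicious-Activity
set security idp idp-policy Malicious-Code-Monitor rulebase-ips rule Scan-External-Files then action recommended
set security idp idp-policy Malicious-Code-Monitor rulebase-ips rule Scan-External-Files then notification log-attacks
set security policies from-zone untrust to-zone trust policy Inbound-Inspected match source-address any destination-address any application any
set security policies from-zone untrust to-zone trust policy Inbound-Inspected then permit application-services idp-policy Malicious-Code-Monitor
set security policies from-zone trust to-zone untrust policy Outbound-Inspected match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy Outbound-Inspected then permit application-services idp-policy Malicious-Code-Monitor
commit
```

Because the group is dynamic, any signature whose category matches one of the listed values is pulled in automatically as the signature database is updated, so the group does not need manual maintenance. The IDP rule matches both directions (from-zone any to-zone any) so that both network entry and exit traffic is inspected, takes the action Juniper recommends for each matched signature, and logs every match so the events reach the monitoring system. After committing, "show configuration security idp dynamic-attack-group Malicious-Activity" confirms the group definition, and "show security idp status" confirms the IDP engine is active with the policy loaded.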

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Juniper_SRX_SG_Y24M10_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-002624, Rule-ID|SV-214633r997700_rule, STIG-ID|JUSX-IP-000027, STIG-Legacy|SV-80923, STIG-Legacy|V-66433, Vuln-ID|V-214633

Plugin: Juniper

Control ID: 5ba0457ee2aad3795284d3382c1c98b8f84c5822e7bf4ec1d2b5b972efe7c0dc