SYMP-AG-000210 - Symantec ProxySG must use a centralized log server.

Information

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Off-loading is a common process in information systems with limited audit storage capacity.

This does not apply to audit logs generated on behalf of the device itself (management).

Solution

Configure audit log off-loading.

1. Log on to the Web Management Console.
2. Browse to Configuration >> Access Logging >> Logs.
3. Configure the 'Upload Client' and 'Upload Schedule' capabilities. (All client types use TCP for communication to the site's event server.)

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SYM_ProxySG_Y20M04_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), CAT|II, CCI|CCI-001851, Rule-ID|SV-104211r1_rule, STIG-ID|SYMP-AG-000210, Vuln-ID|V-94257

Plugin: BlueCoat

Control ID: 5a3610df9a49b62d4b6b480a06b82acb4e22d468cfb1eed47a86473e67dbabdb