Catalina - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces

Information

The macOS should be configured to prevent Denial of Service (DoS) attacks by enforcing rate-limiting measures on network interfaces.

DoS attacks leave authorized users unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. When this occurs, the organization must operate at degraded capacity; often resulting in an inability to accomplish its mission.

To prevent DoS attacks by ensuring rate-limiting measures on network interfaces, many operating systems can be integrated with enterprise-level firewalls and networking equipment that meet or exceed this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CCE|CCE-84909-1, CCI|CCI-002385

Plugin: Unix

Control ID: 2632b90d4e78f3ea55c25f1d56d86de4df0ee2bcaa03190fc896f48f7d808ca5