3.5 Ensure no Allow Rule with Any in Destination field present in the Firewall Rules

Information

Firewall rules with Any in the Source field allow all IP addresses of the network to access the specified destination configured in the firewall rule for specific services.

Rationale:

Ideally, traffic should be explicitly allowed from a specific Source to a specific Destination for the required services. This provides better control over the traffic that passes through the firewall and reduces the chance of an exploit caused by service misconfiguration.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Delete the rule from the firewall which has Any used in the Source field.
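
Because this item is not checked automatically, the rulebase has to be reviewed by hand or with a script. The following is an added example, not part of the benchmark or the plugin: it scans an exported rulebase for enabled Accept rules that use Any in the Source or Destination column, the two fields this item names. The JSON layout and field names are assumptions made for the example, and the sample rules are constructed.

```python
import json

# Constructed sample: a simplified rulebase export. The field names
# (name, enabled, action, source, destination, service) are assumptions
# for this example, not a verbatim Check Point export format.
SAMPLE_RULEBASE = json.loads("""
[
  {"name": "web-in", "enabled": true, "action": "Accept",
   "source": ["Any"], "destination": ["dmz-web-01"], "service": ["https"]},
  {"name": "mgmt-out", "enabled": true, "action": "Accept",
   "source": ["admin-net"], "destination": ["Any"], "service": ["ssh"]},
  {"name": "db-access", "enabled": true, "action": "Accept",
   "source": ["app-net"], "destination": ["db-01"], "service": ["postgres"]},
  {"name": "old-any-any", "enabled": false, "action": "Accept",
   "source": ["Any"], "destination": ["Any"], "service": ["Any"]},
  {"name": "cleanup", "enabled": true, "action": "Drop",
   "source": ["Any"], "destination": ["Any"], "service": ["Any"]}
]
""")

ALLOW_ACTIONS = {"accept"}


def has_any(cell):
    """True if a rule column contains the Any object (case-insensitive)."""
    values = [cell] if isinstance(cell, str) else (cell or [])
    return any(str(v).strip().lower() == "any" for v in values)


def find_any_allow_rules(rules, include_disabled=False):
    """Return (rule number, name, offending columns) for each allow rule
    that uses Any in Source or Destination. Drop rules are skipped: a
    cleanup rule with Any/Any is expected and not a finding."""
    findings = []
    for number, rule in enumerate(rules, start=1):
        if str(rule.get("action", "")).lower() not in ALLOW_ACTIONS:
            continue
        if not rule.get("enabled", True) and not include_disabled:
            continue
        columns = [c for c in ("source", "destination") if has_any(rule.get(c))]
        if columns:
            findings.append((number, rule.get("name", ""), columns))
    return findings


if __name__ == "__main__":
    for number, name, columns in find_any_allow_rules(SAMPLE_RULEBASE):
        print(f"rule {number} ({name}): Any in {', '.join(columns)}")
```

Pass include_disabled=True to also list disabled rules, which become findings again if someone re-enables them.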

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-2, CSCv7|11.1

Plugin: CheckPoint

Control ID: c66ec2161f8491b30c17011ac80a6fcad35d53955c633ab8fc5f3fde5718b5df