4.1.1 Detect Botnet connections

Information

Interfaces that are classified as 'WAN' and are used by a policy should use an IPS sensor that blocks or monitors outgoing connections to botnet sites.

Rationale:

Blocking outgoing connections to known botnets should be part of a defense-in-depth network design.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

On GUI:

1. Configure relevant IPS profiles with 'Scan Outgoing Connections to Botnet Sites' set to 'Block'.
2. Apply relevant IPS profile on all firewall policies with traffic exiting the network to a 'WAN' interface.

Default Value:

'Scan Outgoing Connections to Botnet Sites' is disabled on the default profile.
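
Because this item has to be reviewed manually, the following added example (not part of the benchmark or the audit file) reads a FortiGate configuration backup and lists policies toward WAN interfaces whose IPS sensor does not meet the setting above. It assumes the GUI option corresponds to the CLI key `scan-botnet-connections` under `config ips sensor`, that policies reference sensors with `ips-sensor`, and that the reviewer supplies the WAN interface names; the sample configuration, sensor names and `wan1` are constructed, and the policy action is not evaluated.

```python
import shlex

def parse_tables(text, wanted):
    """Return {table: {entry: {key: [values]}}} for the wanted top-level tables."""
    tables, stack, table, entry = {}, [], None, None
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            if len(stack) == 1:
                table = tables.setdefault(stack[0], {}) if stack[0] in wanted else None
                entry = None
        elif tok[0] == "end":
            stack = stack[:-1]
        elif table is not None and len(stack) == 1:  # ignore nested tables ('entries')
            if tok[0] == "edit":
                entry = table.setdefault(tok[1], {})
            elif tok[0] == "set" and entry is not None:
                entry[tok[1]] = tok[2:]
    return tables

def noncompliant_policies(text, wan_ifaces, accepted=("block",)):
    """List (policy id, sensor, botnet mode) for WAN-bound policies failing the check."""
    cfg = parse_tables(text, {"ips sensor", "firewall policy"})
    sensors, failures = cfg.get("ips sensor", {}), []
    for pid, pol in cfg.get("firewall policy", {}).items():
        if not set(pol.get("dstintf", [])) & set(wan_ifaces):
            continue  # traffic does not exit through a WAN interface
        sensor = (pol.get("ips-sensor") or [None])[0]
        # An absent setting means the default, which the benchmark gives as disabled.
        mode = (sensors.get(sensor, {}).get("scan-botnet-connections") or ["disable"])[0]
        if mode not in accepted:
            failures.append((pid, sensor, mode))
    return failures

# Constructed sample backup: two sensors, four policies (names are hypothetical).
SAMPLE = "\n".join([
    'config ips sensor',
    'edit "wan-out"', 'set scan-botnet-connections block',
    'config entries', 'edit 1', 'set severity high', 'next', 'end', 'next',
    'edit "watch"', 'set scan-botnet-connections monitor', 'next', 'end',
    'config firewall policy',
    'edit 1', 'set dstintf "wan1"', 'set ips-sensor "wan-out"', 'next',
    'edit 2', 'set dstintf "wan1"', 'set ips-sensor "watch"', 'next',
    'edit 3', 'set dstintf "wan1"', 'next',
    'edit 4', 'set dstintf "dmz"', 'next', 'end'])

if __name__ == "__main__":
    print(noncompliant_policies(SAMPLE, {"wan1"}))
```

Pass `accepted=("block", "monitor")` to apply the looser "blocks or monitors" wording from the Information section instead of the 'Block' value given in the Solution.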

See Also

https://workbench.cisecurity.org/benchmarks/12961

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, 800-53|SI-4(4)

Plugin: FortiGate

Control ID: 851ab0ba3daef6d33d40ca73c590ffca72ff02c7ccb2685243548828e309b51a