Detections
Analytics
CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied
Information
Information flow control regulates where information is allowed to travel within a network and between interconnected networks. Blocking or restricting detected harmful or suspicious communications between interconnected networks enforces approved authorizations for controlling the flow of traffic.The firewall that filters traffic outbound to interconnected networks with different security policies must be configured to permit or block traffic based on organization-defined traffic authorizations.
Solution
Step 1: Configure the ingress ACL similar to the example below.ASA(config)# access-list INSIDE_INextended permit tcp any any eq https
ASA(config)# access-list INSIDE_INextended permit tcp any any eq http
ASA(config)# access-list INSIDE_INextended permit tcp any any eq ...
ASA(config)# access-list INSIDE_INextended deny ip any any log
Step 2: Apply the ACL inbound on all internal interfaces as shown in the example below.
ASA(config)# access-group INSIDE_IN in interface INSIDE
ASA(config)# end
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_Y26M01_STIG.zip
Item Details
Audit Name: DISA STIG Cisco ASA FW v2r1
Category: ACCESS CONTROL
References: 800-53|AC-4, CAT|I, CCI|CCI-001414, Rule-ID|SV-239852r665842_rule, STIG-ID|CASA-FW-000010, Vuln-ID|V-239852
Plugin: Cisco
Control ID: b351aa03c6b1f90f31f38bb7bb388d02e3d3bf5e35efe0b4536ea1d107c49422