Information
Unauthorized or unapproved network services have not been verified or validated by the organization, and therefore may be unreliable or may act as malicious rogue stand-ins for valid services.
Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice over Internet Protocol, instant messaging, auto-execute, and file sharing.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
AFM ACL:
From the BIG-IP GUI:
1. Security.
2. Network Firewall.
3. Policies.
4. <Policy Name>.
5. Configure a rule that uses a "Classification Policy".
Note: To create a Classification Policy, go to Traffic Intelligence >> Policies.
6. Click "Commit Changes to System".
Log Profile:
From the BIG-IP GUI:
1. Security.
2. Event Logs.
3. Logging Profiles.
4. Edit the global-network profile.
5. Check "Enabled" for "Classification".
6. Classification tab.
7. Configure the Log Publisher. (For production environments, F5 recommends using remote logging.)
8. Click "Update".