Big Sur - Protect Against Denial of Service Attacks by Ensuring Rate-Limiting Measures on Network Interfaces

Information

The macOS should be configured to prevent Denial of Service (DoS) attacks by enforcing rate-limiting measures on network interfaces.

DoS attacks leave authorized users unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. When this occurs, the organization must operate at degraded capacity; often resulting in an inability to accomplish its mission.

To prevent DoS attacks by ensuring rate-limiting measures on network interfaces, many operating systems can be integrated with enterprise-level firewalls and networking equipment that meet or exceed this requirement.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented, but this finding cannot be considered fixed.

See Also

https://github.com/usnistgov/macos_security

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CCE|CCE-85363-0, CCI|CCI-002385

Plugin: Unix

Control ID: f76c7e3b31b0d63c8313339eb443a97a3d418bf5c870a3405f211b7c9ccac663