CSCv7|12.7

Title

Deploy Network-Based Intrusion Prevention Systems

Description

Deploy network-based Intrusion Prevention Systems (IPS) to block malicious network traffic at each of the organization's network boundaries.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Boundary Defense

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
4.1.2 Apply IPS Security Profile to Policies	FortiGate	CIS Fortigate 7.0.x Level 1 v1.2.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1