Beginner

DISA STIG NET0965

I have a 4270-20 (7.1(7)E4) monitoring a network that is required to use the DISA STIGs for certain security settings. There is a requirement (STIG ID NET0965) that requires the following:

The network device must be configured with a maximum wait time of 10 seconds or less to allow a host to establish a TCP connection.

Configure the maximum wait time for TCP connections to be established with the device to 10 seconds or less.

This is possible on a router or switch, but can this be configured on the IPS?

Beginner

DISA STIG NET0965

I don't have an answer for you, but would like to share your pain. I wish DISA would spend the time to document this stuff on the most common platforms for the benefit of the people that are having to implement. Would save a lot of people a lot of time from having to scour the Internet looking for this information.

Beginner

DISA STIG NET0965

Perhaps more to the point, when will Cisco submit their IDS/IPS products for JITC testing for inclusion on the DOD UC APL?

Beginner

from Cisco support:

IPS Signatures: Half-open SYN Attack
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=3050&signatureSubId=0&softwareVersion=6.0&releaseVersion=S774

IPS Signatures: TCP Session Embryonic Timeout
http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=1302&signatureSubId=0&softwareVersion=6.0&releaseVersion=S212

from STIG writer:

NET0965 allows the use of filtering thresholds or timeout periods to drop half-open TCP connections. Using a TCP half-open SYN signature to trigger rate-limiting or blocking meets the first of the two options.
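To make the two NET0965 options in the STIG writer's reply concrete (a timeout that expires half-open connections, or a threshold on half-open connections that triggers blocking), here is an added Python example, not from Cisco, the IPS, or this thread. It replays constructed handshake events with a 10-second embryonic timeout and a hypothetical per-destination half-open threshold, and reports which connections would be dropped and when the threshold would trip:

```python
from dataclasses import dataclass

EMBRYONIC_TIMEOUT = 10.0   # NET0965: a half-open connection may wait at most 10 s
HALF_OPEN_THRESHOLD = 3    # hypothetical alert threshold per destination host


@dataclass
class Event:
    ts: float     # seconds since start of capture
    client: str   # initiating host
    server: str   # destination host
    stage: str    # "SYN" (client opens) or "ACK" (client completes handshake)
    # The server's SYN-ACK is not modelled: the entry stays embryonic until the ACK.


def track_half_open(events, timeout=EMBRYONIC_TIMEOUT, threshold=HALF_OPEN_THRESHOLD):
    """Replay events in time order and return (dropped, established, alerts).

    dropped:     (client, server) pairs expired because no ACK arrived within `timeout`
    established: pairs whose handshake completed within `timeout`
    alerts:      timestamps at which one server exceeded `threshold` half-open entries
    """
    half_open = {}            # (client, server) -> timestamp of the initial SYN
    dropped, established, alerts = [], [], []
    for ev in sorted(events, key=lambda e: e.ts):
        # Expire stale embryonic entries first, as a device timer would.
        for key, t0 in list(half_open.items()):
            if ev.ts - t0 > timeout:
                dropped.append(key)
                del half_open[key]
        key = (ev.client, ev.server)
        if ev.stage == "SYN":
            half_open.setdefault(key, ev.ts)          # retransmitted SYN keeps the original time
        elif ev.stage == "ACK" and key in half_open:  # a late ACK after expiry is ignored
            established.append(key)
            del half_open[key]
        # Threshold option: count concurrent half-open entries toward this server.
        if sum(1 for (_, srv) in half_open if srv == ev.server) > threshold:
            alerts.append(ev.ts)
    return dropped, established, alerts


# Constructed sample: one clean handshake, one late ACK, and several abandoned SYNs.
SAMPLE_EVENTS = [
    Event(0.0, "10.0.0.5", "10.0.1.10", "SYN"),
    Event(0.2, "10.0.0.5", "10.0.1.10", "ACK"),   # completes in 0.2 s
    Event(1.0, "10.0.0.6", "10.0.1.10", "SYN"),   # never completes
    Event(2.0, "10.0.0.7", "10.0.1.10", "SYN"),
    Event(3.0, "10.0.0.8", "10.0.1.10", "SYN"),
    Event(3.5, "10.0.0.9", "10.0.1.10", "SYN"),   # fourth half-open entry: over threshold
    Event(15.0, "10.0.0.7", "10.0.1.10", "ACK"),  # 13 s after its SYN: already expired
]
```

Running `track_half_open(SAMPLE_EVENTS)` yields one established pair, four dropped pairs and a single alert at 3.5 s; with `timeout=30.0` the late ACK at 15 s would instead complete the handshake, which is exactly the behaviour the 10-second limit is meant to rule out.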

Beginner

Still nothing from Cisco,

Still nothing from Cisco, issue still applicable on 4200 series appliances running 7.1(9)E4. Any ideas?
