Palo Alto Networks ALG Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000061-ALG-000009
Group -
SRG-NET-000062-ALG-000011
Group -
SRG-NET-000062-ALG-000092
Group -
SRG-NET-000063-ALG-000012
Group -
The Palo Alto Networks security platform, if used as a TLS gateway/decryption point or VPN concentrator, must use NIST FIPS-validated cryptography to protect the integrity of remote access sessions.
Without cryptographic integrity protections, information can be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of information include, ...Rule Medium Severity -
SRG-NET-000077-ALG-000046
Group -
The Palo Alto Networks security platform must log violations of security policies.
Without establishing the source of the event, it is impossible to establish, correlate, and investigate the events leading up to an outage or attack. In order to compile an accurate risk assessment...Rule Low Severity -
SRG-NET-000131-ALG-000085
Group -
SRG-NET-000131-ALG-000085
Group -
SRG-NET-000131-ALG-000086
Group -
The Palo Alto Networks security platform must not enable the DNS proxy.
The Palo Alto Networks security platform can act as a DNS proxy and send the DNS queries on behalf of the clients. DNS queries that arrive on an interface IP address can be directed to different DN...Rule Medium Severity -
SRG-NET-000132-ALG-000087
Group -
SRG-NET-000164-ALG-000100
Group -
SRG-NET-000192-ALG-000121
Group -
SRG-NET-000192-ALG-000121
Group -
The Palo Alto Networks security platform must block phone home traffic.
A variety of Distributed Denial of Service (DDoS) attacks and other attacks use "botnets" as an attack vector. A botnet is a collection of software agents (referred to as "bot"), residing on compro...Rule Medium Severity -
SRG-NET-000192-ALG-000121
Group -
SRG-NET-000202-ALG-000124
Group -
The Palo Alto Networks security platform must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception).
A deny-all, permit-by-exception network communications traffic policy ensures that only those connections that are essential and approved are allowed. As a managed boundary interface between netwo...Rule Medium Severity -
SRG-NET-000213-ALG-000107
Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.