The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected.

An XCCDF Rule

Description

Unauthorized or unapproved network services lack organizational verification or validation, and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, instant messaging, auto-execute, and file sharing.

ID: SV-266161r1024391_rule
Version: F5BI-AP-300069
Severity: Medium
References: CCI-002684
Updated: 24 days ago

Remediation Templates

AFM ACL:
From the BIG-IP GUI:
1. Security.
2. Network Firewall.
3. Policies.
4. <Policy Name>.5. Configure a rule that uses a "Classification Policy".
Note: To create a Classification Policy, go to Traffic Intelligence >> Policies.
6. Click "Commit Changes to System".

Log Profile:
From the BIG-IP GUI:
1. Security.
2. Event Logs.
3. Logging Profiles.
4. Edit the global-network profile.
5. Check "Enabled" for "Classification".
6. Classification tab.
7. Configure the Log Publisher. (For production environments, F5 recommends using remote logging.)
8. Click "Update".

The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected.

Description

Remediation Templates

A Manual Procedure