The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected.

An XCCDF Rule

Description

<VulnDiscussion>Unauthorized or unapproved network services lack organizational verification or validation, and therefore may be unreliable or serve as malicious rogues for valid services. Examples of network services include service-oriented architectures (SOAs), cloud-based services (e.g., infrastructure as a service, platform as a service, or software as a service), cross-domain, Voice Over Internet Protocol, instant messaging, auto-execute, and file sharing.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-266161r1024391_rule
Severity: Medium
References: CCI-002684
Updated: 19 days ago

AFM ACL:
From the BIG-IP GUI:
1. Security.
2. Network Firewall.
3. Policies.
4. <Policy Name>.5. Configure a rule that uses a "Classification Policy".
Note: To create a Classification Policy, go to Traffic Intelligence >> Policies.
6. Click "Commit Changes to System".

Log Profile:
From the BIG-IP GUI:
1. Security.
2. Event Logs.
3. Logging Profiles.
4. Edit the global-network profile.
5. Check "Enabled" for "Classification".
6. Classification tab.
7. Configure the Log Publisher. (For production environments, F5 recommends using remote logging.)
8. Click "Update".

The F5 BIG-IP appliance providing content filtering must generate a log record when unauthorized network services are detected.

Description

Remediation - Manual Procedure