The Palo Alto Networks security platform must protect against the use of internal systems for launching denial-of-service (DoS) attacks against external networks or endpoints.

An XCCDF Rule

Description

DoS attacks from DOD sources risk the reputation of the organization. Thus, it is important to protect against the DOD system being used to launch an attack on external systems. Although Zone Protections are applied on the ingress interface, at a minimum, DOD requires a zero-trust approach. These attacks may use legitimate internal or rogue endpoints from inside the enclave. These attacks can be simple "floods" of traffic to saturate circuits or devices, malware that consumes CPU and memory on a device or causes it to crash, or a configuration issue that disables or impairs the proper function of a device. For example, an accidental or deliberate misconfiguration of a routing table can misdirect traffic for multiple networks. It is important to set the Flood Protection parameters that are suitable for the enclave or system. The Administrator should characterize the traffic regularly (perform a traffic baseline) and tune these parameters based on that information.

ID
SV-228842r1028359_rule
Severity
Medium

Remediation - Manual Procedure

Configure either a Zone-Based Protection policy or a DoS Protection policy to protect against DoS attacks originating from the enclave.

To configure a DoS Protection policy, perform the following:
Navigate to Objects >> Security Profiles >> DoS Protection.
Select "Add" to create a new profile.
In the "DoS Protection Profile" window, complete the required fields.