Skip to content
Catalogs
XCCDF
Solaris 11 X86 Security Technical Implementation Guide
SRG-OS-000480
The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception).
The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception). An XCCDF Rule
The boundary protection system (firewall) must be configured to deny network traffic by default and must allow network traffic by exception (i.e., deny all, permit by exception).
Medium Severity
<VulnDiscussion>A firewall that relies on a deny all, permit by exception strategy requires all traffic to have explicit permission before traversing an interface on the host. The firewall must incorporate stateful packet filtering and logging.
Nonlocal maintenance and diagnostic communications often contain sensitive information and must be protected. The security of these remote accesses can be ensured by sending nonlocal maintenance and diagnostic communications through encrypted channels enforced via firewall configurations.
Satisfies: SRG-OS-000074, SRG-OS-000096, SRG-OS-000112, SRG-OS-000113, SRG-OS-000125, SRG-OS-000250, SRG-OS-000393</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>