Attempts to access ports, protocols, or services that are denied are not logged.
An XCCDF Rule
Description
Logging or auditing of failed access attempts is a necessary component for the forensic investigation of security incidents. Without logging, there is no way to demonstrate that the access attempt was made or when it was made. Additionally, a pattern of access failures cannot be demonstrated to assert that an intended attack was being made as opposed to an accidental intrusion. The IAO/NSO will ensure that all denied attempts to access any port, protocol, or service are logged.
Property | Value |
---|---|
Responsibility | Information Assurance Officer |
Potential Impact | If sufficient space is not allowed for logging or auditing, a denial of service or loss of data could be caused by overflowing the space allocated. |
- ID: SV-6794r1_rule
- Version: SAN04.020.00
- Severity: Low
- Updated
Remediation Templates
A Manual Procedure
Develop a plan to implement the logging of failed or rejected port, protocol, or service requests. The plan should include a projection of the storage requirements of the logged events. Obtain CM approval of the plan and execute it.