Applies to Product: | USM Appliance™ | LevelBlue OSSIM® |

| Testing Procedure | How USM Appliance Delivers | USM Appliance Instructions | USM Appliance Documentation |
|---|---|---|---|
| 1.1.1.c Identify a sample of actual changes made to firewall and router configurations, compare to the change records, and interview responsible personnel to verify the changes were approved and tested. | USM Appliance has built-in reports to assist in identifying changes made to router and firewall configurations for use in validating that changes were approved and tested. | Enable the plugin for your firewall/router devices, and enable forwarding of the syslog events from the firewall/router. | |
| | | Run the existing “Firewall Configuration Change” PCI report to show changes made to the firewall. | |
| | | Additionally, you can enable instant alerting of suspected device configuration changes by creating a directive to Alert on occurrences of the configuration-change events. | |
| 1.1.6.b Identify insecure services, protocols, and ports allowed; and verify that security features are documented for each service. | USM Appliance provides NetFlow collection, which assists in identifying insecure services, protocols and ports that are allowed. | NIDS in USM Appliance allows for reporting of suspicious or potentially insecure protocols through events. | |
| | | Create a directive to Alert on occurrences of such NIDS events, which may detect possible misconfiguration or traffic that is not authorized. | |
| 1.3.2 Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ. | USM Appliance provides NetFlow collection, which assists in identifying traffic sources and destinations to help ensure that inbound internet traffic is limited to IP addresses within the DMZ. | Configure a directive to Alert on any activity from non-authorized networks to the DMZ, which allows for immediate alerting of suspicious traffic from any data source. | |
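
The flow review that 1.1.6.b and 1.3.2 call for can also be run offline against exported flow records. The following is an added example, not part of the USM Appliance product or its documentation; the address plan, the list of insecure ports and the flow records are all constructed assumptions.

```python
import ipaddress

# Assumed address plan (constructed for this example, not from the page).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
DMZ_NET = ipaddress.ip_network("10.10.20.0/24")
# Assumed list of cleartext services to flag for 1.1.6.b; adjust to local policy.
INSECURE_PORTS = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.10.20.15", 443),   # Internet -> DMZ web server
    ("203.0.113.7", "10.1.5.9", 3389),     # Internet -> internal host
    ("198.51.100.4", "10.10.20.30", 23),   # Internet -> DMZ over telnet
    ("10.1.5.9", "10.10.20.15", 443),      # internal -> DMZ
    ("10.1.5.9", "10.1.6.2", 21),          # internal FTP
    ("bad-address", "10.1.5.9", 80),       # malformed record
]


def is_internal(ip):
    """True when the address belongs to any organization-owned network."""
    return any(ip in net for net in INTERNAL_NETS)


def audit_flows(flows):
    """Return (finding, src, dst, dport) tuples for flows that need review."""
    findings = []
    for src, dst, dport in flows:
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            # Report unparseable records instead of silently dropping them.
            findings.append(("malformed-record", src, dst, dport))
            continue
        # 1.3.2: inbound Internet traffic must terminate inside the DMZ.
        if not is_internal(s) and is_internal(d) and d not in DMZ_NET:
            findings.append(("inbound-bypasses-dmz", src, dst, dport))
        # 1.1.6.b: an insecure service was observed on the wire.
        if dport in INSECURE_PORTS:
            name = "insecure-service:" + INSECURE_PORTS[dport]
            findings.append((name, src, dst, dport))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

Each finding is a lead to compare against the firewall rule set and the documented business justification, not proof of a violation on its own.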