Threat Sg.DA.L3SSg2-b.8

URI: Sg.DA.L3SSg2-b.8

Package: NetworkConnectivity

Description: Routing between FromSubnet and ToSubnet via Gateway is enabled by default: if this route between IP subnets is enabled for all communications, it could be exploited by an attacker.

Threat Type: Primary Threat

Matching Pattern:

Sg.DA.L3SSg2-b.8
MP-L3SSg2-b

Finds a gateway from one IP subnet to a second IP subnet, along with the segment asset representing the route via the gateway, where this route is not blocked by default.

CSG-BlockGatewayRoute

Apply a default firewall rule at gateway host Gateway to drop messages sent via the gateway from FromSubnet to ToSubnet, unless they are service requests or responses.