Threat Sg.TA.L3SSg2-b.8.2

URI: Sg.TA.L3SSg2-b.8.2

Package: ProcessComms


Description: Service connection routing from FromSubnet to ToSubnet via Gateway is allowed by exception: if the route via Gateway from FromSubnet to ToSubnet is blocked by a default firewall policy, then port forwarding is normally used to allow the expected connections between legitimate clients and services.

Threat Type: Primary Threat

Matching Pattern: MP-L3SSg2-b

Finds a gateway from one IP subnet to a second IP subnet, along with the segment asset representing the route via the gateway, where this route is not blocked by default.

CSG-BlockGatewayRoute

CSG-DisablePortForwarding-Runtime

If device Gateway blocks unsolicited connections into private subnet ToSubnet, port forwarding is used to allow access to services by legitimate clients. This strategy may represent a run-time adaptation in response to a threat, or a permanent restriction introduced by design or in accordance with an operational policy or user preference. It also triggers threats representing side effects that would be caused by such a restriction.
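To make the relationship between the matching pattern, the two control strategies and this threat concrete, here is an added Python example (not the catalogue's own code or schema) that evaluates them over a small constructed set of gateways; the Gateway class, its field names, the helper functions and the sample subnets are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Gateway:
    """One gateway device joining two IP subnets (constructed schema, not the catalogue's)."""
    name: str
    from_subnet: str
    to_subnet: str
    block_route_by_default: bool = False               # CSG-BlockGatewayRoute applied
    port_forwards: dict = field(default_factory=dict)  # external port -> (internal host, port)
    port_forwarding_disabled: bool = False             # CSG-DisablePortForwarding-Runtime applied


def match_mp_l3ssg2_b(gateways):
    """MP-L3SSg2-b: each gateway from one subnet to a different one, with its route segment."""
    return [(g, f"{g.from_subnet}->{g.to_subnet} via {g.name}")
            for g in gateways if g.from_subnet != g.to_subnet]


def threat_8_2_applies(g):
    """Sg.TA.L3SSg2-b.8.2: default policy blocks the route, yet port-forwarding
    exceptions still admit connections into ToSubnet."""
    if not g.block_route_by_default:
        return False  # route open by default: this exception-based threat is not the concern
    if g.port_forwarding_disabled:
        return False  # exceptions removed at run time; legitimate access now needs another path
    return bool(g.port_forwards)


def assess(gateways):
    """Report, per matched route, which of the three situations the model is in."""
    report = {}
    for g, route in match_mp_l3ssg2_b(gateways):
        if not g.block_route_by_default:
            status = "route-open-by-default"
        elif threat_8_2_applies(g):
            status = "blocked-but-forwarded-ports:" + ",".join(str(p) for p in sorted(g.port_forwards))
        else:
            status = "blocked-no-exceptions"
        report[route] = status
    return report


# Constructed sample model: three gateways, one per control situation.
SAMPLE = [
    Gateway("fw1", "internet", "dmz", block_route_by_default=True,
            port_forwards={443: ("web01", 443), 25: ("mail01", 25)}),
    Gateway("gw2", "office", "lab"),  # no blocking control at all
    Gateway("fw3", "office", "servers", block_route_by_default=True,
            port_forwards={3389: ("jump01", 3389)}, port_forwarding_disabled=True),
]
```

Calling `assess(SAMPLE)` labels fw1's route as blocked but reachable through forwarded ports (the .8.2 case), gw2's as open by default, and fw3's as blocked with no exceptions once port forwarding is disabled.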