Sub-Requirement 1.1.7

Illustrative Controls and the TIBCO LogLogic Solution

Administrators must identify and document all risky protocols and services that are allowed to pass through the firewall. Documentation should include reasons for use of protocol and security features implemented. These risky services include, but are not limited to, FTP (21/tcp), Telnet (23/tcp), Rlogin (513/tcp), Rsh (514/tcp), Netbios (137-139/tcp,udp), and others. Administrators can utilize the following custom reports to help identify risky services and protocols.

To add additional services that are considered risky to the organization, administrators can modify the advanced options in these custom reports. Administrators should also configure network policy alerts to get immediate notification of any allowed risky services.

Reports and Alerts

Use the following link/reference to see the 1.1.7 reports and alerts: 1.1.7 on page 83.