The Edge SWG must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.

Severity: medium
Group ID: V-279271
Group Title: SRG-APP-000435-NDM-000315
Version: SYME-ND-000740
Rule ID: SV-279271r1170700_rule
Date: 2025-12-18
STIG Version: 1
Description
DoS is a condition in which a resource is not available to legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity. This requirement addresses the configuration of network devices to mitigate the impact of DoS attacks, whether past or ongoing, on device availability. For each network device, known and potential DoS attacks must be identified and a solution for each type implemented. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks (e.g., limiting processes or restricting the number of sessions the device opens at one time). Employing increased capacity and bandwidth, combined with service redundancy, may reduce susceptibility to some DoS attacks. The security safeguards cannot be defined at the DOD level because they vary according to the capabilities of the individual network devices and the security controls applied on the adjacent networks (for example, firewalls performing packet filtering to block DoS attacks).
ℹ️ Check
1. In the Edge SWG Web UI, navigate to the Configuration tab.
2. Go to "Authentication" and "Console Access".

If under "Console Access" there is no configured ACL, this is a finding.
If there is a configured ACL, but "Enforce ACL for built-in administrators" is not checked, this is a finding.

1. Log in to the Edge SWG SSH CLI.
2. Enter "show security".

If under "Account" "CLI session timeout" does not say "5 minutes", this is a finding.
If under "Account" "Web interface session timeout" does not say "5 minutes", this is a finding.

1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Issue the command "security local-user-list edit local", then type "view".

If "Max failed attempts" under "Account lockout" does not equal "3", this is a finding.
If "Lockout duration" under "Account lockout" does not equal "900 seconds", this is a finding.
✔️ Fix
1. In the Edge SWG Web UI, navigate to the Configuration tab.
2. Go to "Authentication" and "Console Access".
3. Under "Console Access", click "Add ACL Entry".
4. In the open block, add the IPv4 or IPv6 source address or network under "Source Address", then add the subnet mask or CIDR prefix under "Prefix Length" (e.g., 2001:db8:1:: and 48).
5. Click "Apply" next to the entry.
6. Repeat the above steps, adding all the allowed management prefixes.
   Note: Ensure the subnet is in one of the allowed IPv4 or IPv6 subnets or the session will be disconnected after clicking "Save".
7. Once completed, click "Save".

To add the timeouts:
1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Enter "security management web-timeout 5".
4. Enter "security management cli-timeout 5".

To add lockout configurations:
1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Issue the command "security local-user-list create local".
4. Enter "security local-user-list edit local".
5. Enter "max-failed-attempts 3".
6. Enter "lockout-duration 900".
7. Enter "reset-interval 900".
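The timeout and lockout parts of the Check above can be evaluated automatically against captured CLI output. The following script is an added example, not Broadcom's or DISA's code; the exact layout of the "show security" and "view" output is not given on this page, so the sample text is constructed from the field names the Check quotes and assumes indented "Field: value" lines under unindented section headers.

```python
"""Compliance check for the timeout and lockout findings of this rule.
Added example: parses captured CLI output and reports deviations from
the values the Check section requires."""

# Expected values, taken from the Check text of this rule.
EXPECTED = {
    "Account/CLI session timeout": "5 minutes",
    "Account/Web interface session timeout": "5 minutes",
    "Account lockout/Max failed attempts": "3",
    "Account lockout/Lockout duration": "900 seconds",
}


def parse_sections(output):
    """Return {"Section/Field": value} from indented 'Field: value' lines
    grouped under unindented section headers (constructed layout assumption)."""
    fields, section = {}, None
    for line in output.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):
            section = line.strip().rstrip(":")
            continue
        key, sep, value = line.strip().partition(":")
        if sep and section:
            fields[f"{section}/{key.strip()}"] = value.strip()
    return fields


def findings(show_security_output, view_output):
    """Return a list of finding strings; an empty list means the timeout
    and lockout portions of the Check are satisfied."""
    observed = {**parse_sections(show_security_output),
                **parse_sections(view_output)}
    result = []
    for key, want in EXPECTED.items():
        got = observed.get(key)
        if got != want:
            result.append(f"{key}: expected {want!r}, found {got!r}")
    return result


# Constructed sample output (not real device output): web timeout is wrong.
SHOW_SECURITY = "Account:\n  CLI session timeout: 5 minutes\n" \
                "  Web interface session timeout: 60 minutes\n"
VIEW_LOCAL = "Account lockout:\n  Max failed attempts: 3\n" \
             "  Lockout duration: 900 seconds\n"

if __name__ == "__main__":
    for f in findings(SHOW_SECURITY, VIEW_LOCAL):
        print("FINDING:", f)
```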