Ensuring unnecessary services are not enabled on the host
Rule Title: RiOS must not have unrelated or unnecessary services enabled on the host.
STIG ID: RICX-AG-000086
Rule ID: SV-77315r1_rule
Severity: CAT II
Vuln ID: V-62825
Class: Unclass
Typically, the SteelHead is installed at the perimeter of the network. Installing unnecessary functions and services on the same host increases the security risk, because these functions run before network inspection occurs and require excessive ports to be opened on the firewall for them to operate. Loading functions that are outside the scope of, and unrelated to, the WAN optimization function is unauthorized and might create an attack vector. Related services include content filtering, traffic analysis, decryption, caching, and traffic inspection tools (for example, firewall, IDS). Unrelated services include email, DNS, and web server.
When the solution is deployed using a SteelHead appliance consisting of the RiOS software installed on the SteelHead, administrators are not allowed to install any software that is not part of a Riverbed software upgrade. RiOS enforces this restriction by performing a validity check when an upgrade is attempted.
However, the RiOS software is also available as a virtual appliance that can be installed on an organization-provided host. This type of implementation adds a security risk because more ports might be opened in the firewall if the virtual appliance is placed in the recommended logical position in the architecture (that is, after the router and before the firewall and IDS). The traffic would then be routed for inspection after traversing the WAN optimizer.
Verifying unnecessary services are not enabled on the host
If RiOS, as a virtual appliance, is installed on the SteelHead appliance, this is a security vulnerability finding.
Inspect the services and applications that are installed on the host with the RiOS application suite.
Ask the site representative if a security review using the applicable STIG has been performed on the operating system and applications that are cohosted.
If unrelated or unnecessary services are installed on the same host as the RiOS, this is a security vulnerability finding.
If a security review using the applicable STIG has not been performed on the operating system and applications cohosted on RiOS, this is a security vulnerability finding.
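One way to support the inspection step is to triage the host's listening sockets against the unrelated services this rule names. The script below is an added example, not Riverbed tooling: it assumes the organization-provided host runs Linux and that the reviewer has captured `ss -H -tulpn` output; the port map, function names, and sample lines are constructed for illustration.

```python
import re

# Assumption: ports mapped to the unrelated services the rule names
# (email, DNS, web server), using their IANA-registered port numbers.
UNRELATED_PORTS = {
    25: "email", 110: "email", 143: "email", 465: "email", 587: "email",
    993: "email", 995: "email",
    53: "DNS",
    80: "web server", 443: "web server",
}
PROC_RE = re.compile(r'users:\(\("([^"]+)"')

# Constructed sample of `ss -H -tulpn` output (not taken from a real host).
SAMPLE = """\
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*    users:(("sshd",pid=812,fd=3))
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*    users:(("systemd-resolve",pid=640,fd=13))
tcp   LISTEN 0      511    [::]:80            [::]:*       users:(("nginx",pid=1033,fd=7))
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*    users:(("master",pid=1200,fd=13))
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port, process) for each listening socket line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        address, _, port = fields[4].rpartition(":")  # handles [::]:80 and 1.2.3.4:80
        if not port.isdigit():
            continue
        match = PROC_RE.search(line)
        yield fields[0], address, int(port), match.group(1) if match else "unknown"

def review(ss_output):
    """Split listeners into finding candidates and services still to justify."""
    candidates, to_justify = [], []
    for proto, address, port, process in parse_listeners(ss_output):
        entry = f"{proto}/{port} {process} on {address}"
        category = UNRELATED_PORTS.get(port)
        if category:
            candidates.append((category, entry))
        else:
            to_justify.append(entry)  # reviewer confirms it is related or required
    return candidates, to_justify

if __name__ == "__main__":
    candidates, to_justify = review(SAMPLE)
    for category, entry in candidates:
        print(f"CANDIDATE FINDING ({category}): {entry}")
    for entry in to_justify:
        print(f"JUSTIFY: {entry}")
```

A port match only marks a candidate; the reviewer still decides whether the service is unrelated to WAN optimization, and services absent from the map are listed for justification rather than treated as acceptable.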
Disabling unnecessary services on the host
Disable or uninstall unrelated or unnecessary services from the host.