
V-279194

CAT II (Medium)

The Edge SWG must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

Rule ID

SV-279194r1170667_rule

STIG

Symantec Edge SWG ALG Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001312

Discussion

Providing too much information in error messages risks compromising the data and security of the application and system. Organizations carefully consider the structure/content of error messages. The required information within error messages will vary based on the protocol and error condition. Information that could be exploited by adversaries includes, for example, ICMP messages that reveal the use of firewalls or access-control lists.

Check Content

1. Log in to the Edge SWG SSH CLI. 
2. Enter "enable".
3. Enter "show exceptions". 

If there are no user-defined exceptions, this is a finding.

In the Edge SWG Web UI, navigate to the VPM. 

Under the Web Access Layer, for the Action on disallowed content, if there is no User-Defined exception implemented, this is a finding.

Fix Text

These procedures will create a user-defined exception page that will show only necessary errors to the proxy user with specific contact information.
1. Log in to the Edge SWG SSH CLI.
2. Enter "enable" and "configure terminal".
3. Enter "exceptions".
4. Enter "create DOD-BLOCKS".
5. Enter "edit DOD-BLOCKS".
6. Enter "inline format EOF".
7. Copy and paste the data below exactly as it appears and edit items such as Organization, email addresses, etc.:

<!DOCTYPE html>
<html> 
<head>
<title>Denied Access Policy </title>
<meta name= "author" content = "SAMPLE ORGANIZATION" >
<meta name="description" content = "Denied Access Policy" >
<meta name="category" content = "$(exception.category)">
</head>
<body>
<center>
<p>
<font face = "Arial, Helvetica, sans-serif" size = "4" color = "Red" ><b>You have reached a website that is currently being blocked due to malicious activity and/or current acceptable use policies.</b></font><br>
<font face= "Arial, Helvetica, sans-serif" size = "4" color = "Red">INTERNET USAGE IS MONITORED AND LOGGED.</font><br>
<font face = "Arial, Helvetica, sans-serif" size = "3" color = "Red"><b>Your IP address: $(client.address) <br>Your username:  $(user.name) <br> Banned Website: $(url) <br> Website IP address: $(url.address)<br>Banned Category: $(category) <br> Rule Name: $(exception.id)</b></font><br>
<br>
<font face = "Arial, Helvetica, sans-serif" size = "4" color = "red" > This has been reported by:  $(proxy.name)<br>
<A href='mailto:email@mail.mil?subject=Barred web page $(url),IP address: $(client.address)&body=IP address:$(client.address)%0DYour username:$(user.name)%0DBanned Website:$(url)%0DWebsite IP address:$(url.address)%0DBanned Category:$(category)%0DRule Name:$(exception.id)' > If you have further questions or require assistance click here to send an email <br> to your Information Management Office (IMO) or ORGANIZATION Cyber Security & Risk Management</a></font>
</p>
</center>
</body>
</html>
EOF

8. After the EOF, click "Enter".
9. Enter "http-code 403".

1. In the Edge SWG Web UI, navigate to the VPM.
2. Under the Web Access Layer for the Action on disallowed content, click "Set and Add New Object".
3. Select "Return Exception".
4. Enter a name and select "User-defined exception".
5. Select the previously created user-defined exception.
6. Check the box for "Force exception even if later policy would allow request".
7. Click "Set" and repeat steps for other services being proxied.
8. Click "Apply Policy".
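
Because step 7 has the template edited by hand before it is pasted, a pre-deployment lint helps confirm the page still shows only the intended fields. The following is an added example, not part of the STIG or of Symantec's tooling. It assumes the approved substitution set is exactly the one used in the DOD-BLOCKS template above, and `$(example.internal_detail)` is a constructed placeholder name, not a real substitution.

```python
import re
from html.parser import HTMLParser

# Substitutions that appear in the DOD-BLOCKS template in the Fix Text.
APPROVED = {"exception.category", "client.address", "user.name", "url",
            "url.address", "category", "exception.id", "proxy.name"}
# Sample values that step 7 says to edit before use.
PLACEHOLDERS = ("SAMPLE ORGANIZATION", "email@mail.mil",
                "ORGANIZATION Cyber Security")
VOID = {"meta", "br", "hr", "img", "link", "input"}
SUBSTITUTION = re.compile(r"\$\(([^)\s]+)\)")

class TagBalance(HTMLParser):
    """Record close tags with no open tag and open tags never closed."""
    def __init__(self):
        super().__init__()
        self.stack, self.problems = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if tag not in self.stack:
            self.problems.append(f"stray </{tag}>")
            return
        while (top := self.stack.pop()) != tag:
            self.problems.append(f"unclosed <{top}>")

def review_template(text):
    """Lint an exception page before it is pasted after 'inline format EOF'."""
    parser = TagBalance()
    parser.feed(text)
    parser.close()
    return {
        "unapproved": sorted(set(SUBSTITUTION.findall(text)) - APPROVED),
        "unedited": [p for p in PLACEHOLDERS if p in text],
        "markup": parser.problems + [f"unclosed <{t}>" for t in parser.stack],
    }

# Constructed sample, not from the STIG: one extra substitution, one
# unedited address, an unclosed <b> and a stray </a>.
SAMPLE = """<html><body><p>
<font color="Red"><b>Blocked: $(url)</font><br>
Reported by: $(proxy.name) $(example.internal_detail)<br>
<a href='mailto:email@mail.mil?subject=$(url)'>Contact</a></a>
</p></body></html>"""

if __name__ == "__main__":
    for check, findings in review_template(SAMPLE).items():
        print(check, findings)
```

An empty list for all three keys means the edited template adds no fields beyond the approved set, has no leftover sample values, and has balanced markup.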