The DataPower Gateway must not use 0.0.0.0 as a listening IP address for any service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-65317 | WSDP-AG-000151 | SV-79807r1_rule | | Medium |
| Description |
| Using 0.0.0.0 as a listening address allows all interfaces to receive traffic for the service. This creates an unnecessary exposure when services are configured to listen on this address. |
| STIG | Date |
| IBM DataPower ALG Security Technical Implementation Guide | 2016-01-21 |
Details
| Check Text (C-65945r1_chk) |
| Go to Default domain. Click Status >> Main >> Active Services >> Click Show All Domains. Review IP addresses assigned to active services. If any list 0.0.0.0, this is a finding. |
| Fix Text (F-71257r1_fix) |
| Log on to each active domain. Click Objects >> Protocol Handlers >> HTTP Front Side Handlers. Click on the name of any Handler listed that uses the IP Address of 0.0.0.0. Change the IP Address >> Click Apply. Click Objects >> Protocol Handlers >> HTTPS Front Side Handlers. Click on the name of any Handler listed that uses the IP Address of 0.0.0.0. Change the IP Address >> Click Apply >> Click Save Configuration. |