284 – Define maximum number of connections
Summary
Each port must have a maximum number of connections defined per source IP.
Description
Some attacks aim to exhaust a system's resources (sockets, file descriptors, worker threads, memory) by opening a large number of connections and never completing or closing them, for example by sending request headers one byte at a time. Defining a maximum number of simultaneous connections per source IP for each listening port bounds how much of the system a single source can consume: once a source reaches its quota, further connection attempts are refused immediately instead of being queued or served. In a Distributed Denial-of-Service (DDoS) attack, where many compromised systems flood a target, the per-source limit reduces the impact by capping what each individual source can hold open, although a widely distributed attack that stays under the per-IP quota still needs upstream mitigation. The limit must be chosen with legitimate sharing in mind: many users behind carrier-grade NAT appear as one IPv4 address, and an IPv6 subscriber usually controls an entire /64, so a per-address limit there is trivially bypassed unless it is applied per prefix.
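The following is an added example of the control described above, not code from the original page or from the Fluid Attacks platform: a per-source connection limiter wrapped around an asyncio TCP server. Connections are counted per IPv4 address and, by assumption, per /64 prefix for IPv6; the quota value, the `PerSourceConnectionLimiter` class, and the echo handler are all illustrative choices made for this example.

```python
import asyncio
import ipaddress
from collections import defaultdict


class PerSourceConnectionLimiter:
    """Counts open connections per source and refuses new ones above a limit.

    IPv4 sources are keyed by exact address. IPv6 sources are keyed by their
    /64 prefix (assumption made here: one subscriber typically holds a whole
    /64, so a per-address limit would be bypassed by hopping addresses).
    """

    def __init__(self, max_per_source: int, ipv6_prefix: int = 64):
        if max_per_source < 1:
            raise ValueError("max_per_source must be >= 1")
        self.max_per_source = max_per_source
        self.ipv6_prefix = ipv6_prefix
        self._open = defaultdict(int)  # key -> number of open connections

    def key_for(self, source: str) -> str:
        """Normalise a source address to the key the quota applies to."""
        addr = ipaddress.ip_address(source)
        if addr.version == 6:
            net = ipaddress.IPv6Network((addr, self.ipv6_prefix), strict=False)
            return str(net)
        return str(addr)

    def try_acquire(self, source: str) -> bool:
        """Reserve one connection slot for `source`; False if its quota is full."""
        key = self.key_for(source)
        if self._open[key] >= self.max_per_source:
            return False
        self._open[key] += 1
        return True

    def release(self, source: str) -> None:
        """Give back a slot when the connection closes (must pair with acquire)."""
        key = self.key_for(source)
        if self._open[key] > 0:
            self._open[key] -= 1
        if self._open[key] == 0:
            del self._open[key]  # keep the table from growing without bound

    def open_connections(self, source: str) -> int:
        return self._open.get(self.key_for(source), 0)


# Illustrative quota: at most 10 simultaneous connections per source on this port.
LIMITER = PerSourceConnectionLimiter(max_per_source=10)


async def handle(reader: asyncio.StreamReader, writer: asyncio.StreamWriter) -> None:
    peer = writer.get_extra_info("peername")
    source = peer[0] if peer else "0.0.0.0"
    if not LIMITER.try_acquire(source):
        # Over quota: close right away so the source cannot tie up a worker
        # or a read timeout by holding the connection half-open.
        writer.close()
        await writer.wait_closed()
        return
    try:
        # Demo service: echo one line back. A bounded read timeout is part of
        # the same defence, so a slow sender cannot hold the slot forever.
        line = await asyncio.wait_for(reader.readline(), timeout=30)
        writer.write(line)
        await writer.drain()
    except (asyncio.TimeoutError, ConnectionError):
        pass
    finally:
        writer.close()
        LIMITER.release(source)  # always free the slot, whatever the outcome


async def main() -> None:
    server = await asyncio.start_server(handle, "127.0.0.1", 8080)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

The same control is usually enforced one layer lower in production, for instance with nginx's `limit_conn_zone $binary_remote_addr` together with `limit_conn`, or on Linux with the iptables `connlimit` match (`--connlimit-above` with `--connlimit-mask` to set the prefix length); the application-level limiter above is useful when the service listens directly on the port, and it makes the IPv6 prefix decision explicit.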
Supported In
Advanced: True
References
- CIS-16_10. Apply secure design principles in application architectures
- OWASP10-A5. Security misconfiguration
- CMMC-AC_L1-3_1_20. External connections
- CMMC-SC_L2-3_13_7. Split tunneling
- HITRUST-01_j. User authentication for external connections
- HITRUST-01_l. Remote diagnostic and configuration port protection
- HITRUST-01_n. Network connection control
- ISSAF-S_5_1. Web server security - Countermeasures (secure administrative access)
- PTES-7_7. Post Exploitation - Persistence
- NIST800171-1_20. Verify and control/limit connections to and use of external systems
- C2M2-9_3_d. Implement IT and OT asset security for cybersecurity architecture
Last updated
2024/01/18