1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
Rule:
--
Sid:
1846
--
Summary:
This event is generated when network traffic indicating the use of an
application or service that may violate a corporate security policy.
--
Impact:
This may be a violation of corporate policy since some applications can
be used to bypass security measures designed to restrict the flow of
corporate information to destinations external to the corporation. In
some instances this event may indicate behavior contrary to best
security practices.
--
Detailed Information:
This event may indicate a violation of corporate policy. It may also
indicate the use of services or applications that may be the antithesis
of best security practices.
--
Affected Systems:
All systems
--
Attack Scenarios:
Violation of corporate security policy can manifest serious risk to
company assets.
--
Ease of Attack:
Not applicable
--
False Positives:
None known.
--
False Negatives:
None known.
--
Corrective Action:
Ensure adherence to best security practices and strict adherence to
corporate policy
--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
--
Additional References:
--
|
