Check: SCOM-SC-000002
Microsoft SCOM STIG:
SCOM-SC-000002
(in version v1 r1)
Title
A host-based firewall must be configured on the SCOM management servers. (Cat II impact)
Discussion
To prevent a DDoS, a firewall that inspects and drops packets must be configured.
Check Content
The steps in this check will vary based on the host-based firewall being used in the environment. For Windows Firewall, type wf.msc. Verify that the firewall is set to On. Click on Inbound rules and verify that there are no any-any allow rules in any profile. If McAfee is installed, it will be visible in the system tray. Verify with a McAfee administrator that there are no any-any rules allowing full access. If no host-based firewall is installed, or a host-based firewall is configured to allow all traffic inbound, this is a finding.
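For the Windows Firewall case, the following script is an added example (not part of the STIG) that automates the manual check above: it confirms every profile is On and lists enabled inbound Allow rules that match any remote address and any protocol or port. It assumes the built-in NetSecurity module and an elevated session on the management server.

```powershell
# Added example, not STIG-provided: audit Windows Firewall for SCOM-SC-000002.
# Run in an elevated PowerShell session on the SCOM management server.
Import-Module NetSecurity

$findings = @()

# 1. The firewall must be On in every profile (Domain, Private, Public).
foreach ($profile in Get-NetFirewallProfile) {
    if (-not $profile.Enabled) {
        $findings += "Profile '$($profile.Name)' is Off"
    }
    if ($profile.DefaultInboundAction -eq 'Allow') {
        $findings += "Profile '$($profile.Name)' allows all inbound traffic by default"
    }
}

# 2. No enabled inbound Allow rule may be "any-any": any remote address
#    combined with any protocol or any local port.
$inbound = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
foreach ($rule in $inbound) {
    $addr = $rule | Get-NetFirewallAddressFilter
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter

    $anyAddress = $addr.RemoteAddress -contains 'Any'
    $anyPort    = ($port.Protocol -eq 'Any') -or ($port.LocalPort -contains 'Any')

    if ($anyAddress -and $anyPort) {
        # Program is reported so the reviewer can judge scope; a rule bound to
        # a specific executable still warrants review against the SCOM port list.
        $findings += ("Any-any inbound rule '{0}' (profile: {1}, program: {2})" -f
            $rule.DisplayName, $rule.Profile, $app.Program)
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No findings: firewall is On and no any-any inbound allow rules.'
} else {
    Write-Output 'FINDING for SCOM-SC-000002:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Absence of a host-based firewall altogether is also a finding; if `Get-NetFirewallProfile` reports every profile Off and a third-party product such as McAfee is not present, treat the server as unprotected.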
Fix Text
Configure a host-based firewall based on the organization's standards. A full list of ports needed for SCOM to function properly can be found here: https://docs.microsoft.com/en-us/system-center/scom/plan-security-config-firewall?view=sc-om-2019.
Additional Identifiers
Rule ID: SV-237440r643966_rule
Vulnerability ID: V-237440
Group Title: SRG-APP-000435-NDM-000315
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002385 | The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards. |
Controls
Number | Title |
---|---|
SC-5 | Denial Of Service Protection |