Title

Configure the endpoint firewall to block operationally unneeded ports. (Cat I impact)

Discussion

Blocking all unneeded ports protects the device from potential attacks and worms. (Remote Only)

Check Content

Inspect the configuration of the host-based firewall installed on the endpoint devices. Examples of ports which are needed for operation are as follows: SMTP, SSL, HTTP, and HTTPS. If other ports are open, request the IAO provide documented justification showing these ports are needed for site operations. If this documentation does not exist, this is a finding. The method of access to the firewall configuration will vary with the actual software. However, in general, the configuration can be viewed by clicking on the program icon in the desktop tray or by using the Startup Programs menu. Select the Configuration or Settings button/option and view the advanced custom settings for the Internet Zone.

Fix Text

Block all unneeded ports.

Additional Identifiers

Rule ID: SV-6804r1_rule

Vulnerability ID: V-6658

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.