Title

The Windows Firewall must block unsolicited inbound connections for the Domain Profile. (Cat I impact)

Discussion

A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Unsolicited inbound connections may be malicious attempts to gain access to a system. Unsolicited inbound connections for which there is no rule allowing the connection will be blocked in the domain.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Domain Profile Tab -> State, "Inbound Connections" to "Block (default)". Configure a comparable setting if a third-party firewall is used.

Additional Identifiers

Rule ID: SV-25220r2_rule

Vulnerability ID: V-17418

Group Title: Windows Firewall Domain - Inbound

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.