Title

The Windows Firewall must log dropped packets for the Domain Profile. (Cat III impact)

Discussion

A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a domain connection will be enabled to maintain an audit trail of potential issues.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Domain Profile Tab -> Logging (select Customize), "Log dropped packets" to "Yes". Configure a comparable setting if a third-party firewall is used.

Additional Identifiers

Rule ID: SV-25228r2_rule

Vulnerability ID: V-17426

Group Title: Windows Firewall Domain - Log Dropped Packets

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.