An error occurred:

Check: WINFW-000100

Windows Vista STIG: WINFW-000100 (in versions v6 r42 through v6 r41)

Title

Inbound exceptions to the firewall on domain workstations must only allow authorized management systems and remote management hosts. (Cat II impact)

Discussion

Allowing inbound access to domain workstations from other systems may allow lateral movement across systems if credentials are compromised. Limiting inbound connections only from authorized management systems and remote management hosts will help limit this exposure.

Check Content

Verify firewall exceptions for inbound connections on domain workstations only allow authorized management systems and remote management hosts. Review inbound firewall exception rules in Windows Firewall with Advanced Security. Firewall rules can be complex and should be reviewed with the firewall administrator. One method for restricting inbound connections is to only allow exceptions for a specific scope of remote IP addresses. If allowed inbound exceptions are not limited to authorized management systems and remote management hosts, this is a finding. If a third-party firewall is used, ensure comparable settings are in place.

Fix Text

Ensure firewall exceptions to inbound connections on domain workstations only allow authorized management systems and remote management hosts. Firewall rules can be complex and should be thoroughly tested be applying in a production environment. One method for restricting inbound connections is to only allow exceptions for a specific scope of remote IP addresses. For any inbound rules that allow connections from other systems, configure the Scope for Remote IP address to those of authorized management systems and remote management hosts. This may be defined as an IP address, subnet or range. Apply the rule to all firewall profiles. If a third-party firewall is used, configure inbound exceptions to only include authorized remote management hosts.

Additional Identifiers

Rule ID: SV-47849r1_rule

Vulnerability ID: V-36440

Group Title: Inbound Firewall Exception for Administration

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings