Firewall traversal from remote host must be disabled

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35464	DTBC-0001	SV-46751r1_rule	ECSC-1	Medium

Description
Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. "Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. If this policy is left not set the setting will be enabled." - Google Chrome Administrators Policy List

Description

Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. "Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. If this policy is left not set the setting will be enabled." - Google Chrome Administrators Policy List

STIG	Date
Google Chrome v23 Windows STIG	2013-01-11

Details

Check Text ( C-43815r2_chk )
Valid for Chrome Browser version 14 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: RemoteAccessHostFirewallTraversal Value Type: Boolean (REG_DWORD) Value Data: 0 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Configure remote access options\ Policy Name: Enable firewall traversal from remote access host Policy State: Disabled Policy Value: N/A

Check Text ( C-43815r2_chk )

Valid for Chrome Browser version 14 or later.

Windows registry:
Key Path: HKLM\Software\Policies\Google\Chrome\
Value Name: RemoteAccessHostFirewallTraversal
Value Type: Boolean (REG_DWORD)
Value Data: 0

Windows group policy:
Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Configure remote access options\
Policy Name: Enable firewall traversal from remote access host
Policy State: Disabled
Policy Value: N/A

Fix Text (F-40005r1_fix)
Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.

Fix Text (F-40005r1_fix)

Universal method (Requires Chrome Browser v15 or later):
1. In the omnibox (address bar) type chrome://policy
2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.