
A host-based firewall must be configured on the SCOM management servers.


Overview

Finding ID: V-237440
Version: SCOM-SC-000002
Rule ID: SV-237440r643966_rule
IA Controls:
Severity: Medium
Description
To prevent a DDoS, a firewall that inspects and drops packets must be configured.
STIG: Microsoft SCOM Security Technical Implementation Guide
Date: 2021-03-15

Details

Check Text ( C-40659r643964_chk )
The steps in this check will vary based on the host-based firewall being used in the environment.

For Windows Firewall, type wf.msc.

Verify that the firewall is set to On.

Click on Inbound rules and verify that there are no any-any allow rules in any profile.

If McAfee is installed, it will be visible in the system tray. Verify with a McAfee administrator that there are no any-any rules allowing full access.

If no host-based firewall is installed, or a host-based firewall is configured to allow all traffic inbound, this is a finding.
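
The Windows Firewall steps above can also be scripted. The following is an added example, not part of the STIG text: it uses the built-in NetSecurity cmdlets, and it assumes that "any-any" means an enabled inbound allow rule with any remote address and any local port. The function name Test-HostFirewall is hypothetical.

```powershell
# Added example. Assumes the built-in NetSecurity module (Windows Server 2012 or later)
# and an elevated PowerShell session on the SCOM management server.
function Test-HostFirewall {
    $findings = @()

    # Check step: the firewall must be On. ActiveStore is the effective policy
    # (local settings merged with Group Policy).
    foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
        if ($p.Enabled -ne 'True') {
            $findings += [pscustomobject]@{
                Item = "Profile $($p.Name)"; Profile = $p.Name
                Protocol = ''; Program = ''; Reason = 'Firewall is not On'
            }
        }
    }

    # Check step: no any-any inbound allow rules in any profile.
    # Assumption: "any-any" = any remote address to any local port.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
                                 -Action Allow -Enabled True
    foreach ($r in $rules) {
        $addr = $r | Get-NetFirewallAddressFilter
        $port = $r | Get-NetFirewallPortFilter
        if (($addr.RemoteAddress -contains 'Any') -and ($port.LocalPort -contains 'Any')) {
            # Record protocol and program so the reviewer can see how far the rule is scoped.
            $app = $r | Get-NetFirewallApplicationFilter
            $findings += [pscustomobject]@{
                Item = $r.DisplayName; Profile = $r.Profile
                Protocol = $port.Protocol; Program = $app.Program
                Reason = 'Inbound allow: any remote address, any local port'
            }
        }
    }
    return $findings
}

$result = Test-HostFirewall
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    'No disabled profiles or any-any inbound allow rules found.'
}
```

Rules that are open on address and port but limited to one program or protocol are still listed, with those columns filled in, so the reviewer decides whether they count as a finding under the organization's standards.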
Fix Text (F-40622r643965_fix)
Configure a host-based firewall based on the organization's standards. A full list of ports needed for SCOM to function properly can be found here: https://docs.microsoft.com/en-us/system-center/scom/plan-security-config-firewall?view=sc-om-2019.