UCF STIG Viewer Logo

The Windows Firewall must log dropped packets for the Private Profile.


Overview

Finding ID Version Rule ID IA Controls Severity
WN12-FW-000017 WN12-FW-000017 WN12-FW-000017_rule Low
Description
A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a private network connection will be enabled to maintain an audit trail of potential issues.
STIG Date
Microsoft Windows Server 2012 Domain Controller Security Technical Implementation Guide 2013-07-25

Details

Check Text ( C-WN12-FW-000017_chk )
If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\

Value Name: LogDroppedPackets

Type: REG_DWORD
Value: 1

If a third-party firewall is used, verify a comparable setting has been implemented.
Fix Text (F-WN12-FW-000017_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Private Profile Tab -> Logging (select Customize), "Log dropped packets" to "Yes".

Configure a comparable setting if a third-party firewall is used.