Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-17449 | 5.484 | SV-25251r1_rule | ECSC-1 | Medium |
Description |
---|
IPv6 transition technologies will be blocked (IPv6 Block of UDP 3544). |
STIG | Date |
---|---|
Windows 7 Security Technical Implementation Guide | 2012-07-02 |
Check Text ( C-18193r1_chk ) |
---|
Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Outbound Rules “IPv6 Block of UDP 3544” will be configured as follows. (The rule could have been created with a different name – view the properties to determine correct settings.) Navigate to the rule, right click and select Properties. View the following on the tabs specified: General: Enabled and Block the connections Programs and Services: All programs that meet the specified conditions Protocols and Ports: Protocols type - UDP, Local port - 3544, Remote port - All Ports Scope: Any IP addresses (Local and Remote) Advanced: All profiles Note: If a third-party firewall is used, document this with the IAO and mark the Windows firewall settings as Not Applicable. The Desktop/Secure Remote Computing STIGs contain additional requirements for systems used remotely. |
Fix Text (F-17363r1_fix) |
---|
Add the rule with the following steps: Navigate to Outbound Rules. Right click in right pane and select “New Rule”. Select “Port”, Next. Select “All Programs”, Next. Select Protocol Type: UDP. Select Local Port: Specific Ports, Enter 3544. Select Remote Port: All Ports, Next. Select “Any IP address” for both local and remote IP address this rule will match. Next. Select “Block the connection”, Next. Select all (Domain, Private and Public) for When does this rule apply? Next. Supply the Name: IPv6 Block of UDP 3544. Finish. |