UCF STIG Viewer Logo

The Windows Firewall with Advanced Security must log dropped packets when connected to a domain.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17426 WNFWA-000010 SV-54877r1_rule ECSC-1 Low
Description
A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a domain connection will be enabled to maintain an audit trail of potential issues.
STIG Date
Windows Firewall with Advanced Security Security Technical Implementation Guide 2014-01-07

Details

Check Text ( C-48655r2_chk )
If the system is not a member of a domain, the Domain Profile requirements can be marked NA.

Verify the registry value below.

If this registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\

Value Name: LogDroppedPackets

Type: REG_DWORD
Value: 1
Fix Text (F-47745r1_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Domain Profile Tab -> Logging (select Customize), "Log dropped packets" to "Yes".