UCF STIG Viewer Logo

The Windows Firewall with Advanced Security must log dropped packets when connected to a private network.


Overview

Finding ID Version Rule ID IA Controls Severity
V-17436 WNFWA-000018 SV-54904r1_rule ECSC-1 Low
Description
A firewall provides a line of defense against attack. To be effective, it must be enabled and properly configured. Logging of dropped packets for a private network connection will be enabled to maintain an audit trail of potential issues.
STIG Date
Windows Firewall with Advanced Security Security Technical Implementation Guide 2014-01-07

Details

Check Text ( C-48663r2_chk )
Verify the registry value below.

If this registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \Software\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\

Value Name: LogDroppedPackets

Type: REG_DWORD
Value: 1
Fix Text (F-47772r1_fix)
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Private Profile Tab -> Logging (select Customize), "Log dropped packets" to "Yes".