XP Firewall Standard Profile – Unicast Response

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-17409	5.421	SV-18465r2_rule	ECSC-1	Medium

Description
The receipt of unicast responses to outgoing multicast or broadcast messages will be blocked when not connected to the domain.

STIG	Date
Windows XP Security Technical Implementation Guide	2013-10-01

Details

Check Text ( C-45440r1_chk )
If the following registry value does not exist or is not configured as specified, this is a finding: Registry Hive: HKEY_LOCAL_MACHINE Subkey: \SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ Value Name: DisableUnicastResponsesToMulticastBroadcast Type: REG_DWORD Value: 1 If a third-party firewall is used, verify a comparable setting has been implemented. The Remote Endpoint STIG contains additional firewall requirements for systems used remotely.

Check Text ( C-45440r1_chk )

If the following registry value does not exist or is not configured as specified, this is a finding:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: \SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\

Value Name: DisableUnicastResponsesToMulticastBroadcast
Type: REG_DWORD
Value: 1

If a third-party firewall is used, verify a comparable setting has been implemented.

The Remote Endpoint STIG contains additional firewall requirements for systems used remotely.

Fix Text (F-42013r2_fix)
Configure the policy value for Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Standard Profile "Windows Firewall: Prohibit unicast response to multicast or broadcast requests" to "Enabled". Configure a comparable setting if a third-party firewall is used.