StigData/Processed/WindowsFirewall-All-1.6.xml
|
<DISASTIG id="Windows_Firewall" version="1.6" created="10/19/2017"> <ManualRule dscresourcemodule="None"> <Rule id="V-36440" severity="medium" conversionstatus="pass" title="Inbound Firewall Exception for Administration" dscresource="none"> <IsNullOrEmpty>False</IsNullOrEmpty> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>This requirement is NA for servers and non domain workstations. Verify firewall exceptions for inbound connections on domain workstations only allow authorized management systems and remote management hosts. Review inbound firewall exception rules in Windows Firewall with Advanced Security. Firewall rules can be complex and should be reviewed with the firewall administrator. One method for restricting inbound connections is to only allow exceptions for a specific scope of remote IP addresses. If allowed inbound exceptions are not limited to authorized management systems and remote management hosts, this is a finding.</rawString> </Rule> </ManualRule> <RegistryRule dscresourcemodule="PSDesiredStateConfiguration"> <Rule id="V-17415.a" severity="medium" conversionstatus="pass" title="Windows Firewall Domain - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17415.b" severity="medium" conversionstatus="pass" title="Windows Firewall Domain - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17416.a" severity="medium" conversionstatus="pass" title="Windows Firewall Private - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17416.b" severity="medium" conversionstatus="pass" title="Windows Firewall Private - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17417.a" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17417.b" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Enable Firewall" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ Type: REG_DWORD Value Name: EnableFirewall Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>EnableFirewall</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17418.a" severity="high" conversionstatus="pass" title="Windows Firewall Domain - Inbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17418.b" severity="high" conversionstatus="pass" title="Windows Firewall Domain - Inbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17419.a" severity="medium" conversionstatus="pass" title="Windows Firewall Domain - Outbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17419.b" severity="medium" conversionstatus="pass" title="Windows Firewall Domain - Outbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17425.a" severity="low" conversionstatus="pass" title="Windows Firewall Domain - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17425.b" severity="low" conversionstatus="pass" title="Windows Firewall Domain - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17426.a" severity="low" conversionstatus="pass" title="Windows Firewall Domain - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17426.b" severity="low" conversionstatus="pass" title="Windows Firewall Domain - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17427.a" severity="low" conversionstatus="pass" title="Windows FW Domain - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17427.b" severity="low" conversionstatus="pass" title="Windows FW Domain - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17428.a" severity="high" conversionstatus="pass" title="Windows Firewall Private – Inbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17428.b" severity="high" conversionstatus="pass" title="Windows Firewall Private – Inbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17429.a" severity="medium" conversionstatus="pass" title="Windows Firewall Private - Outbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17429.b" severity="medium" conversionstatus="pass" title="Windows Firewall Private - Outbound" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17435.a" severity="low" conversionstatus="pass" title="Windows Firewall Private - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17435.b" severity="low" conversionstatus="pass" title="Windows Firewall Private - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17436.a" severity="low" conversionstatus="pass" title="Windows Firewall Private - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17436.b" severity="low" conversionstatus="pass" title="Windows Firewall Private - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17437.a" severity="low" conversionstatus="pass" title="Windows FW Private - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17437.b" severity="low" conversionstatus="pass" title="Windows FW Private - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17438.a" severity="high" conversionstatus="pass" title="Windows Firewall Public – Inbound " dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17438.b" severity="high" conversionstatus="pass" title="Windows Firewall Public – Inbound " dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ Type: REG_DWORD Value Name: DefaultInboundAction Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>DefaultInboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17439.a" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Outbound " dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17439.b" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Outbound " dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\ Type: REG_DWORD Value Name: DefaultOutboundAction Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>DefaultOutboundAction</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17442" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Local Firewall Rules" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>If the system is not a member of a domain, this is NA. If the firewall's Public Profile is not enabled (see V-17417), this requirement is also a finding. Verify the registry value below. If this registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Value Name: AllowLocalPolicyMerge Type: REG_DWORD Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>AllowLocalPolicyMerge</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17443" severity="medium" conversionstatus="pass" title="Windows Firewall Public - Local Connection Rules" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>If the system is not a member of a domain, this is NA. If the firewall's Public Profile is not enabled (see V-17417), this requirement is also a finding. Verify the registry value below. If this registry value does not exist or is not configured as specified, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\ Value Name: AllowLocalIPsecPolicyMerge Type: REG_DWORD Value: 0x00000000 (0)</rawString> <ValueData>0</ValueData> <ValueName>AllowLocalIPsecPolicyMerge</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17445.a" severity="low" conversionstatus="pass" title="Windows Firewall Public - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17445.b" severity="low" conversionstatus="pass" title="Windows Firewall Public - Log Size" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging</Key> <OrganizationValueRequired>True</OrganizationValueRequired> <OrganizationValueTestString>{0} -ge '16384'</OrganizationValueTestString> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogFileSize Value: 0x00004000 (16384) (or greater)</rawString> <ValueData /> <ValueName>LogFileSize</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17446.a" severity="low" conversionstatus="pass" title="Windows Firewall Public - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17446.b" severity="low" conversionstatus="pass" title="Windows Firewall Public - Log Dropped Packets" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogDroppedPackets Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogDroppedPackets</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17447.a" severity="low" conversionstatus="pass" title="Windows FW Public - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> <Rule id="V-17447.b" severity="low" conversionstatus="pass" title="Windows FW Public - Log Successful Connections" dscresource="Registry"> <Ensure>Present</Ensure> <IsNullOrEmpty>False</IsNullOrEmpty> <Key>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging</Key> <OrganizationValueRequired>False</OrganizationValueRequired> <OrganizationValueTestString /> <rawString>Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging\ Type: REG_DWORD Value Name: LogSuccessfulConnections Value: 0x00000001 (1)</rawString> <ValueData>1</ValueData> <ValueName>LogSuccessfulConnections</ValueName> <ValueType>Dword</ValueType> </Rule> </RegistryRule> </DISASTIG> |