[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
OVAL

Allow ICMP exceptions (Allow inbound echo request and block everything else) - Domain Profile

ID: oval:gov.nist.USGCB.xpfirewall:def:5006Date: (C)2012-04-13   (M)2017-07-28
Class: COMPLIANCEFamily: windows




The Windows Firewall: Allow ICMP exceptions setting defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you set this policy setting to Enabled, you must specify which ICMP message types Windows Firewall allows the computer to send or receive. When you set this policy to Disabled, Windows Firewall blocks all unsolicited incoming ICMP message types and the listed outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from the computer. Many attacker tools take advantage of computers that accept ICMP message types and use these messages to mount a variety of attacks. However, some applications require some ICMP messages in order to function properly. For that reason, this appendix recommends that you configure this setting to Disabled whenever possible. If your environment requires some ICMP messages to get through Windows Firewall, configure the setting with the appropriate message types. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (such as those sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.

Platform:
Microsoft Windows XP
Reference:
CCE-3141-9
CPE    2
cpe:/o:microsoft:windows_xp
cpe:/o:microsoft:windows_xp::sp2
CCE    1
CCE-3141-9
XCCDF    4
xccdf_gov.nist_benchmark_USGCB-Windows-XP-firewall
xccdf_org.secpod_benchmark_nist_windows_xp
xccdf_org.secpod_benchmark_nerc_cip_Windows_XP
xccdf_org.secpod_benchmark_Windows_XP
...

© 2013 SecPod Technologies