Audit Policy: System: IPsec Driver (Failure)ID: oval:org.secpod.oval:def:18759 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of System: IPsec Driver events on failure should be enabled or disabled as appropriate.
This security policy setting determines whether the operating system audits the activities of the IPsec driver and reports any of the following events: * Startup and shutdown of IPsec services. * Packets dropped due to integrity check failure. * Packets dropped due to replay check failure. * Packets dropped due to being in plaintext. * Packets received with an incorrect Security Parameter Index (SPI). (This can indicate malfunctioning hardware or interoperability problems.) * Failure to process IPsec filters. A high rate of packet drops by the IPsec filter driver may indicate attempts to gain access to the network by unauthorized systems. Failure to process IPsec filters poses a potential security risk because some network interfaces may not get the protection provided by the IPsec filter.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |