2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.

Information

Google Chrome allows the use of relay servers when clients are trying to connect to this machine and a direct connection is not available.

Disable (0): The use of relay servers by the remote access host is not allowed

Enabled (1): The use of relay servers by the remote access host is allowed

The recommended state for this setting is: Disabled (0)

Rationale:

Relay servers shall not be used to circumvent firewall restrictions.

Impact:

If this setting is disabled, remote clients can not use relay servers to connect to this machine.

NOTE: Setting this to Disabled doesn't turn remote access off, but only allows connections from the same network (not NAT traversal or relay).

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Enable the use of relay servers by the remote access host

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: e6ef2b4d85265d7d9ae37f39599204970a2f782272f842ffd4f8909f1355ae81