2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'

Information

Chrome enables the usage of STUN servers which allows remote clients to discover and connect to a machine even if they are separated by a firewall. By disabling this feature, in conjunction with filtering outgoing UDP connections, the machine will only allow connections from machines within the local network.

The recommended state for this setting is: Disabled (0)

Rationale:

If this setting is enabled, remote clients can discover and connect to these machines even if they are separated by a firewall.

Impact:

If this setting is disabled and outgoing UDP connections are filtered by the firewall, this machine will only allow connections from client machines within the local network.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Enable firewall traversal from remote access host

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: c4aeaff1ca868cef83ad3a0b957b88cba3314326bf07957f1fa807f8a87f70e2