9.3.10 Ensure 'Windows Firewall: Public: Logging: Log successful connections' is set to 'Yes'

Information

Use this option to log when Windows Firewall with Advanced Security allows an inbound connection. The log records why and when the connection was formed. Look for entries with the word ALLOW in the action column of the log.

The recommended state for this setting is: Yes.

Rationale:

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Impact:

Information about successful connections will be recorded in the firewall log file.

Solution

To establish the recommended configuration via GP, set the following UI path to Yes.

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Logging Customize\Log successful connections

Default Value:

No (default). (Information about successful connections will not be recorded in the firewall log file.)

See Also

https://workbench.cisecurity.org/benchmarks/14249

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-9(2), 800-53|AU-12, CCE|CCE-33734-5, CSCv7|6.2, CSCv7|6.3, CSCv7|6.5

Plugin: Windows

Control ID: 9aaa74ffe267080288689feabbd99161819b6d7cbf138124370eec4ec0462bb1