35.4 (L1) Ensure 'Enable Domain Network Firewall: Enable Log Dropped Packets' is set to 'Yes: Enable Logging Of Dropped Packets'

Information

Use this option to log when Windows Firewall with Advanced Security discards an inbound packet for any reason. The log records why and when the packet was dropped. Look for entries with the word DROP in the action column of the log.

The recommended state for this setting is: Enable Logging Of Dropped Packets

If events are not recorded it may be difficult or impossible to determine the root cause of system problems or the unauthorized activities of malicious users.

Solution

To establish the recommended configuration via configuration profiles, set the following Settings Catalog path to Enable Logging Of Dropped Packets :

Firewall\Enable Domain Network Firewall: Enable Log Dropped Packets

Impact:

Information about dropped packets will be recorded in the firewall log file.

See Also

https://workbench.cisecurity.org/benchmarks/16853

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|SC-7, 800-53|SC-7(5), CSCv7|6.3, CSCv7|9.4

Plugin: Windows

Control ID: 31e66b02a510f80547454af472af18d219d90b9b4e4e5ffbfa771988ffc317ad