18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This value controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote computer is still reachable, it acknowledges the keep-alive packet.

The recommended state for this setting is: Enabled: 300,000 or 5 minutes (recommended)

An attacker who is able to connect to network applications could establish numerous connections to cause a DoS condition.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: 300,000 or 5 minutes (recommended) :

Computer Configuration\Policies\Administrative Templates\MSS (Legacy)\MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds

Note: This Group Policy path does not exist by default. An additional Group Policy template ( MSS-legacy.admx/adml ) is required - it is available from this TechNet blog post:

The MSS settings - Microsoft Security Guidance blog

Impact:

Keep-alive packets are not sent by default by Windows. However, some applications may configure the TCP stack flag that requests keep-alive packets. For such configurations, you can lower this value from the default setting of two hours to five minutes to disconnect inactive sessions more quickly.

See Also

https://workbench.cisecurity.org/benchmarks/15032