WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent.

Information

This setting controls how often TCP sends a keep-alive packet to verify that an idle connection is still intact. A higher value could allow an attacker to cause a denial of service with numerous connections.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' to '300000 or 5 minutes (recommended)' or less.

(See 'Updating the Windows Security Options File' in the STIG Overview document if MSS settings are not visible in the system's policy tools.)
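
A local check for this setting, added here as an example and not part of the STIG or the audit content. It assumes (the page does not state this) that the policy is stored as the REG_DWORD `KeepAliveTime` under `HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters` and that an unset value leaves the Windows default of 7,200,000 ms (2 hours) in effect; `Test-KeepAliveTime` is a hypothetical function name.

```powershell
# Added example: local check for WN12-SO-000041 (not part of the STIG content).
# Assumption: the MSS KeepAliveTime policy is the REG_DWORD 'KeepAliveTime'
# under the Tcpip\Parameters key below; the page does not give this path.
$TcpipParams        = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$MaxKeepAliveMs     = [uint32]300000    # "300000 or 5 minutes" from the Solution
$DefaultKeepAliveMs = [uint32]7200000   # assumption: default when the value is unset

function Test-KeepAliveTime {
    param(
        [string]$Path  = $TcpipParams,
        [uint32]$MaxMs = $MaxKeepAliveMs
    )

    $key = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Absent value: the policy was never applied, so the default interval
    # is in effect and the host does not meet the requirement.
    if ($key.GetValueNames() -notcontains 'KeepAliveTime') {
        return [pscustomobject]@{
            Configured = $false; ValueMs = $DefaultKeepAliveMs; Compliant = $false
            Detail     = 'KeepAliveTime not set; default interval applies'
        }
    }

    # A value created with the wrong type is not a valid policy setting.
    $kind = $key.GetValueKind('KeepAliveTime')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return [pscustomobject]@{
            Configured = $true; ValueMs = $null; Compliant = $false
            Detail     = "KeepAliveTime has type $kind, expected DWord"
        }
    }

    # The registry API returns a DWORD as a signed Int32. Reinterpret it as
    # unsigned so that 0xFFFFFFFF is not read as -1 and passed as compliant.
    $raw   = [int]$key.GetValue('KeepAliveTime')
    $value = [BitConverter]::ToUInt32([BitConverter]::GetBytes($raw), 0)

    [pscustomobject]@{
        Configured = $true; ValueMs = $value; Compliant = ($value -le $MaxMs)
        Detail     = "KeepAliveTime is $value ms (limit $MaxMs ms)"
    }
}

Test-KeepAliveTime | Format-List
```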

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_DC_V3R4_STIG.zip

Item Details

References: CAT|III, CCI|CCI-002385, Rule-ID|SV-226305r794561_rule, STIG-ID|WN12-SO-000041, STIG-Legacy|SV-52927, STIG-Legacy|V-4113, Vuln-ID|V-226305

Plugin: Windows

Control ID: 217d93c5d5944cf132876c87dc4e4bef6bbbdb33a867676d1f3cb9d977fd8920