WN12-SO-000041 - The system must be configured to limit how often keep-alive packets are sent.

Information

This setting controls how often TCP sends a keep-alive packet in an attempt to verify that an idle connection is still intact. A higher value could allow an attacker to cause a denial of service with numerous connections.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' to '300000 or 5 minutes (recommended)' or less.

(See 'Updating the Windows Security Options File' in the STIG Overview document if MSS settings are not visible in the system's policy tools.)
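
A PowerShell check for this setting, added here as an example; it is not part of the STIG or the audit plugin. It assumes the policy is stored as the REG_DWORD value KeepAliveTime under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, which this page does not state, and Test-KeepAliveTime is a hypothetical helper name.

```powershell
# Added example: local audit check for WN12-SO-000041.
# Assumption (not stated on the page): the MSS (KeepAliveTime) policy is stored
# as REG_DWORD 'KeepAliveTime' under the Tcpip\Parameters key used below.
function Test-KeepAliveTime {
    param(
        [string]$Path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters',
        [string]$Name    = 'KeepAliveTime',
        [int64] $Maximum = 300000   # 5 minutes, the limit from the Solution section
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        Configured   = $false
        ValueMs      = $null
        Compliant    = $false
        Detail       = ''
    }

    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Value absent: the policy was never applied, so it cannot be 300000 or less.
        $result.Detail = "$Name is not set; policy not applied"
        return [pscustomobject]$result
    }

    $result.Configured = $true
    $result.ValueMs    = $item.$Name
    $kind = (Get-Item -Path $Path).GetValueKind($Name)

    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        # A string or binary value with the right name does not satisfy the policy.
        $result.Detail = "$Name has type $kind, expected DWord"
        return [pscustomobject]$result
    }

    # Treat the DWORD as unsigned so values above 0x7FFFFFFF are not read as negative.
    $ms = ([int64]$item.$Name) -band 0xFFFFFFFFL
    $result.ValueMs   = $ms
    $result.Compliant = ($ms -le $Maximum)
    $result.Detail    = if ($result.Compliant) { "$ms ms is within the $Maximum ms limit" }
                        else { "$ms ms exceeds the $Maximum ms limit" }
    return [pscustomobject]$result
}

Test-KeepAliveTime | Format-List
```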

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R4_STIG.zip

Item Details

References: CAT|III, CCI|CCI-002385, Rule-ID|SV-225482r569185_rule, STIG-ID|WN12-SO-000041, STIG-Legacy|SV-52927, STIG-Legacy|V-4113, Vuln-ID|V-225482

Plugin: Windows

Control ID: 7814b53655f4e32355258a405d9aea1534a4bf3b292e02e43d3e116d6622a304