Detections
Analytics

CSCv6|9

Title

Limitation and Control of Network Ports

Description

Limitation and Control of Network Ports

Reference Item Details

Category: Limitation and Control of Network Ports

Family: System

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.9.5 Set 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' to 'Highest protection'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.7 Configure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default)'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.8 Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.10 Configure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.11 Configure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 default)'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.12 Configure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.15 Set 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' to 'Highest'WindowsCIS Windows 8 L1 v1.0.0
1.1.3.9.16 Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)'WindowsCIS Windows 8 L1 v1.0.0
1.1.4.7 Set 'Access this computer from the network' to 'Users, Administrators'WindowsCIS Windows 8 L1 v1.0.0
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - certfileUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - keyfileUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.27 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfileUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.1.1 Configure 'Set IP Stateless Autoconfiguration Limits State'WindowsCIS Windows 8 L1 v1.0.0
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v1.0.0 L1 Caching Only Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v3.0.1 Authoritative Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v1.0.0 L1 Authoritative Name Server
1.3 Dedicated Name Server RoleUnixCIS BIND DNS v3.0.1 Caching Only Name Server
1.5.7 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.11 Benchmark v1.3.0 L2
1.5.7 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.13 Benchmark v1.4.1 L2
1.5.9 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.7.0 Benchmark v1.1.0 L2
1.5.9 Ensure that a unique Certificate Authority is used for etcdUnixCIS Kubernetes 1.8 Benchmark v1.2.0 L2
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.3 Ensure the LimitRequestFieldsize Directive is Set to 1024 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0
10.4 Ensure the LimitRequestBody Directive is Set to 102400 or LessUnixCIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.4.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.4.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.4.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Windows 7 Workstation Level 2 v3.2.0
18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0