Back

Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" to organizational standards.


CONTROL ID
07648
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (91BB8506-E5C5-4221-A58F-E836F736208F, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (1E8B628D-EFD5-4DB9-A40D-549DDE9FD0F3, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (CBABFE05-8955-4444-A89B-73B6DC2DC2BD, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (8CD5614D-B532-44D0-897C-F40B4E3EB472, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (4244A0B6-E9A9-4C67-B5E2-E1C1746F3244, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (DB895E62-DA98-4833-8314-1367C43C341A, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (631D0776-2511-4BE0-9FB6-1743AE37C14B, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (E0C0D4C8-1C37-462B-A5AB-96124FA12538, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (428815CE-FA3D-4A3C-8FE1-CA1C3B9F7E12, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (934F8BB3-EFA2-4F88-978F-F6D95CAAE225, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (F497D250-1455-472F-AAA8-4EC1A45B2EAB, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (482D0DFF-05DE-4209-8207-8B9BEFB67858, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (0038606A-C2C7-4472-921E-A975278093BE, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (5384EAEC-212D-4ABD-85C6-18D083B4B9D4, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (2F0BBA80-B517-45E6-8B94-DBE3182E519E, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (CDC51269-40BC-414D-B3FC-323F8F05C9E3, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (FA09490C-DE0A-48E4-8B63-C39A99E59F92, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (80000023-E938-40A1-A10A-B450B836E984, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (941E8FEC-50E8-4081-BE62-D8F69BCF4D61, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Disabled". (4B2C65F3-CA39-4C81-9E87-8057DD4D19E2, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (4FEA302D-20F4-40F3-A49D-BBD9BD1B4198, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (880781CA-BC13-443A-AA7C-2F0DC16665CA, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (61919547-B8AD-438C-BADC-69509FD08C05, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting to "Not Defined". (D42B3302-1ACA-40AD-99FB-D5D078C4D8B0, WS2012 Member Server Security Compliance, 1.0)
  • (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' Description: Internet Control Message Protocol (ICMP) redirects cause the IPv4 stack to plumb host routes. These routes override the Open Shortest Path First (OSPF) generated routes. T… (18.4.4, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' Description: Internet Control Message Protocol (ICMP) redirects cause the IPv4 stack to plumb host routes. These routes override the Open Shortest Path First (OSPF) generated routes. T… (18.4.4, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.8_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.8.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.8_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.8.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.8_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.8.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.8_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.8.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.7_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.7.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.7_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.7.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.3_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.3.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.3_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.3.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.3_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.3.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' Description: The registry value entry EnableICMPRedirect was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\ registry key. The entry app… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.3_Configure_MSS_EnableICMPRedirect_Allow_ICMP_redirects_to_override_OSPF_generated_routes Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.3.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (EnableICMPRedirect) Allow ICMP redirects to o… (CCE-10518-9, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • The "MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes" setting should be configured correctly. Technical Mechanisms: (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableICMPRedirect) Allow ICMP redirects to overri… (CCE-1470-4, Common Configuration Enumeration List, Combined XML: Windows Server 2008, 5.20130214)