Back

Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" to organizational standards.


CONTROL ID
07733
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (309AEE2A-D7E8-4813-8ED6-89BF1FC7C8FB, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (A6FA9373-0401-4CE7-AA44-3649C9B5B21B, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (C29E655F-FF74-4E67-A67F-EDA66CCC4B30, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (6D1A0550-5ED0-4A73-A985-0E11186003D8, Win8 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (DAF8C4CA-AEF8-493C-975B-E384E30DCF5D, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (E313A545-4587-4245-B466-0836382FA1D1, WinVistaSP2 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (342FDB5F-74FC-48F9-97BE-CD5D5744DF55, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (1F908D85-D202-4785-848B-EE78E7735B3A, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (D51ADF72-894F-47EE-AA02-2D61D14CB2E3, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (3433ED6C-1248-4E4C-9FAB-7EF7F9DD2FF7, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (93F1D954-3E60-4C41-9D81-61431DF75420, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (13706805-17F4-4CA8-B123-EF6943BCFB8E, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (A28F7993-D550-4D2F-9846-F0C893554F9F, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (8B9B73B6-2D3C-4448-8887-4A468856D768, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (CF8C7B16-F1DF-4578-88D3-A851EC15589C, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (15994591-5BF6-458A-89D1-2A0F3C392F05, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (A0682748-B294-4E1C-ACE8-1BF093BF7F06, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (57796133-6DE3-405E-AC7E-E746E0EF21E0, WS2008SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (1B76FBBB-A352-4BB3-9CF9-E5E80C21A55D, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Disabled". (59EFD7B0-0480-443E-9069-619508EB019D, WS2008SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (3B485536-01F7-4BDF-98A9-3812F6FD9727, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (1BBF2DEE-AB0D-4B0D-97B9-4F95C081C30C, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (E80490ED-6D95-4CD2-A480-AD97D302983B, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting to "Not Defined". (EF7DDBD2-1E17-434F-8690-D6568090C67D, WS2012 Member Server Security Compliance, 1.0)
  • (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' Description: This setting is used to enable or disable the Internet Router Discovery Protocol (IRDP), which allows the system to detect and configure defa… (18.4.7, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.16_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.16.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.16_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.16.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.16_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.16.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.9.16_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.9.16.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.28_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.28.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.28_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.28.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.8_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.8.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.8_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.8.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.8_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.8.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' Description: The registry value entry PerformRouterDiscovery was added to the template file in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Param… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.10.8_Configure_MSS_PerformRouterDiscovery_Allow_IRDP_to_detect_and_configure_Default_Gateway_addresses_could_lead_to_DoS Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.10.8.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (PerformRouterDi… (CCE-10768-0, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • IRDP should be properly configured. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery Parameters: (1) enabled/disabled References: CCE-952 Ensure Router Discovery is Disabled: HKLM\System\CurrentControlSet\Services\Tcpip\Paramet… (CCE-4065-9, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)
  • IRDP should be properly configured. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery Parameters: (1) enabled/disabled References: CCE-952 3.2.1.74 MSS: Allow IRDP to detect and configure DefaultGateway addresses: Disabled Table… (CCE-3509-7, Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214)
  • The "MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)" setting should be configured correctly. Technical Mechanisms: (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (PerformRouterDiscove… (CCE-1800-2, Common Configuration Enumeration List, Combined XML: Windows Server 2008, 5.20130214)