Back

Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" to organizational standards.


CONTROL ID
08210
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Not Defined". (FE35CA76-4C38-44B7-8852-3A74CE41F5DB, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Not Defined". (0CAAD9A0-E5E4-4292-AB8E-DFB19C07F735, WinXPSP3 Computer Security Compliance, 1.0)
  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Disabled". (1459DBB4-931B-41F0-B5E9-2C023D783214, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Disabled". (EA24CBA4-0501-4038-8E5D-5BB08C57EB56, WS2003SP2 Domain Controller Security Compliance, 1.0)
  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Disabled". (B406CC1D-86F7-4958-B601-1439743DF70F, WS2003SP2 Member Server Security Compliance, 1.0)
  • Configure the "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting to "Disabled". (3AFEA857-0712-44EB-8823-528A2B45B1DF, WS2003SP2 Member Server Security Compliance, 1.0)
  • TCP/IP Dead Gateway Detection should be properly configured. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect Parameters: (1) enabled/disabled References: CCE-897 Protect the Default Gateway network setting: HKLM\System\CurrentCont… (CCE-3884-4, Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214)
  • TCP/IP Dead Gateway Detection should be properly configured. Technical Mechanisms: (1) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnableDeadGWDetect Parameters: (1) enabled/disabled References: CCE-897 Table. 3.246 Security Consideration for Network Attack: EnableDeadGW… (CCE-2919-9, Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214)
  • The "MSS: (EnableDeadGWDetect) Allow automatic detection of dead network gateways (could lead to DoS)" setting should be configured correctly. Technical Mechanisms: (1) Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/MSS: (EnableDeadGWDetect) Allow automati… (CCE-1967-9, Common Configuration Enumeration List, Combined XML: Windows Server 2008, 5.20130214)