SV-29364r1_rule
V-4111
Disable ICMP Redirect
3.095
CAT III
10
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes” to “Disabled”.
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.
If the value for “MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes” is not set to “Disabled”, then this is a finding.
The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: EnableICMPRedirect
Value Type: REG_DWORD
Value: 0
V-4111
False
3.095
Analyze the system using the Security Configuration and Analysis snap-in.
Expand the Security Configuration and Analysis tree view.
Navigate to Local Policies -> Security Options.
If the value for “MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes” is not set to “Disabled”, then this is a finding.
The policy referenced configures the following registry value:
Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\Tcpip\Parameters\
Value Name: EnableICMPRedirect
Value Type: REG_DWORD
Value: 0
M
HK
System Administrator
1340