STIGQter STIGQter: STIG Summary: Windows Server 2016 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Jan 2020: Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing.

DISA Rule

SV-88151r1_rule

Vulnerability Number

V-73499

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

WN16-CC-000040

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure the policy value for Computer Configuration >> Administrative Templates >> MSS (Legacy) >> "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Enabled" with "Highest protection, source routing is completely disabled" selected.

This policy setting requires the installation of the MSS-Legacy custom templates included with the STIG package. "MSS-Legacy.admx" and "MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

Check Contents

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

Value Name: DisableIPSourceRouting

Type: REG_DWORD
Value: 0x00000002 (2)

Vulnerability Number

V-73499

Documentable

False

Rule Version

WN16-CC-000040

Severity Override Guidance

If the following registry value does not exist or is not configured as specified, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\

Value Name: DisableIPSourceRouting

Type: REG_DWORD
Value: 0x00000002 (2)

Check Content Reference

M

Target Key

3157

Comments