2.4.2 Ensure Internet Sharing Is Disabled

Information

Internet Sharing uses the open source natd process to share an internet connection with other computers and devices on a local network. This allows the Mac to function as a router and share the connection to other, possibly unauthorized, devices.

Rationale:

Disabling Internet Sharing reduces the remote attack surface of the system.

Impact:

Internet Sharing allows the computer to function as a router and other computers to use it for access. This can expose both the computer itself and the networks it is accessing to unacceptable access from unapproved devices.

Solution

Perform the following to disable Internet Sharing:
Graphical Method:

Open System Preferences

Select Sharing

Uncheck Internet Sharing

Terminal Method:
Run the following command to turn off Internet Sharing:

$ sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled -int 0

Note: Using the Terminal Method will not uncheck the setting in System Preferences > Sharing but will disable the underlying service.
Profile Method:

Create or edit a configuration profile with the PayloadType of com.apple.MCX

Add the key forceInternetSharingOff

Set the key to <true/>
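
An audit check to pair with the Terminal Method, as an added example that is not part of the benchmark text: it parses `defaults read` output for the same com.apple.nat domain and reports whether the Enabled key directly under NAT is 0. The sample outputs are constructed, and treating a missing key as disabled is an assumption.

```shell
#!/bin/sh
# Added example: audit counterpart to the remediation command (not benchmark text).
NAT_PLIST="/Library/Preferences/SystemConfiguration/com.apple.nat"

# Constructed sample of `defaults read` output with sharing on and a nested dict.
SAMPLE_ENABLED='{
    NAT =     {
        AirPort =         {
            Enabled = 0;
        };
        Enabled = 1;
    };
}'

# Constructed sample of the output after the remediation command has been run.
SAMPLE_DISABLED='{
    NAT =     {
        Enabled = 0;
    };
}'

# Print the value of NAT -> Enabled from `defaults read` text on stdin.
# Only the key directly inside the NAT dict counts; nested dicts are skipped.
nat_enabled_value() {
    awk '
        /^[[:space:]]*NAT[[:space:]]*=[[:space:]]*[{]/ { in_nat = 1; depth = 1; next }
        in_nat && /[{]/ { depth++; next }
        in_nat && /[}]/ { depth--; if (depth == 0) in_nat = 0; next }
        in_nat && depth == 1 && /^[[:space:]]*Enabled[[:space:]]*=/ {
            gsub(/[^0-9]/, ""); print; exit
        }
    '
}

# Succeed (exit 0) when Enabled is 0 or absent, fail otherwise.
# Assumption: a missing key or missing plist means sharing was never turned on.
internet_sharing_disabled() {
    value=$(nat_enabled_value)
    [ -z "$value" ] || [ "$value" = "0" ]
}

# On a Mac, audit the live setting; elsewhere feed saved output to the functions.
if command -v defaults >/dev/null 2>&1; then
    if defaults read "$NAT_PLIST" 2>/dev/null | internet_sharing_disabled; then
        echo "PASS: Internet Sharing is disabled"
    else
        echo "FAIL: Internet Sharing is enabled"
    fi
fi
```
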

See Also

https://workbench.cisecurity.org/files/3569

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1, CSCv7|9.2

Plugin: Unix

Control ID: f229b90afb94a747db6db5616474da9738ca1f0798b77e193a36f7a8ea677928