1.1.67 Ensure 'Restrict exposure of local IP address by WebRTC' is set to 'Enabled: Allow public interface over http default route. This doesn't expose the local IP address'

Information

This policy setting specifies whether the local IP address will be exposed by WebRTC.

The recommended state for this setting is Enabled: Allow public interface over http default route. This doesn't expose the local IP address.

Rationale:

Allowing the exposure of IP addresses allows attacker to gather information on the internal network that could potentially be utilized to breach and traverse the network.

Impact:

The local IP address will not be exposed.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled: Allow public interface over http default route. This doesn't expose the local IP address

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Restrict exposure of local IP address by WebRTC

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.




Default Value:

Disabled - WebRTC exposes the local IP address.

See Also

https://workbench.cisecurity.org/files/3005