DTBC-0001 - Firewall traversal from remote host must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. Enables usage of STUN and relay servers when remote clients are trying to establish a connection to this machine. If this setting is enabled, then remote clients can discover and connect to this machine even if they are separated by a firewall. If this setting is disabled and outgoing UDP connections are filtered by the firewall, then this machine will only allow connections from client machines within the local network. If this policy is left not set the setting will be enabled.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative\Templates\Google\Google Chrome\Remote Access
Policy Name: Enable firewall traversal from remote access host
Policy State: Disabled
Policy Value: N/A

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R8_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001414, Rule-ID|SV-221558r769351_rule, STIG-ID|DTBC-0001, STIG-Legacy|SV-57545, STIG-Legacy|V-44711, Vuln-ID|V-221558

Plugin: Windows

Control ID: 636b20b9193c5204e1c935793f33e39ffd8c0715f0ebfda08f4e435e3dbb4c12