CSCv7|9.3

Title

Perform Regular Automated Port Scans

Description

Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.

Reference Item Details

Category: Limitation and Control of Network Ports, Protocols, and Services

Audit Items

View all Reference Audit Items

NamePluginAudit Name
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L2 DC
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L2 DC
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L2 MS
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L2 DC
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L2 MS
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L2 MS
18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L2 DC
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MS
18.3.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.3.2 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.3.3 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.3.3 Ensure 'Configure SMB v1 server' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.3.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.3.5 Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.4.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.5.4.1 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.5.4.1 Ensure 'Turn off multicast name resolution' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnDomainWindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnDomainWindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNetWindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNetWindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIOWindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIOWindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - ProhibitLLTDIOOnPrivateNetWindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)')WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker