CSCv7|9.3

Title

Perform Regular Automated Port Scans

Description

Perform automated port scans on a regular basis against all systems and alert if unauthorized ports are detected on a system.

Reference Item Details

Category: Limitation and Control of Network Ports, Protocols, and Services

Audit Items

Name | Plugin | Audit Name
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v1.0.0 L2 DC
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 DC L2 v1.3.0
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2016 MS L2 v1.4.0
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2019 MS L2 v1.3.0
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Microsoft Windows Server 2022 v1.0.0 L2 MS
18.1.3 Ensure 'Allow Online Tips' is set to 'Disabled' | Windows | CIS Windows Server 2016 DC L2 v1.4.0
18.3.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.2 (L1) Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.3.3 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.3 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.3.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.3.4 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.3.5 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.4.4 (L2) Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.4.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.4.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.4.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.4.7 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.4.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.4.8 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.4.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.4.1 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1
18.5.4.1 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' | Windows | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnDomain | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnDomain | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIO | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIO | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - ProhibitLLTDIOOnPrivateNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - ProhibitLLTDIOOnPrivateNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnDomain | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnDomain | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnPublicNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnPublicNet | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - EnableRspndr | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - EnableRspndr | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2
18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | Windows | CIS Microsoft Windows 8.1 v2.4.0 L2