System: Audit IPsec DriverID: oval:gov.nist.usgcb.windowsseven:def:200 | Date: (C)2012-04-13 (M)2022-10-10 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to audit events generated by the IPsec filter driver such as the following:
Startup and shutdown of the IPsec services.
Network packets dropped due to integrity check failure.
Network packets dropped due to replay check failure.
Network packets dropped due to being in plaintext.
Network packets received with incorrect Security Parameter Index (SPI). This may indicate that either the network card is not working correctly or the driver needs to be updated.
Inability to process IPsec filters.
If you configure this policy setting, an audit event is generated on an IPsec filter driver operation. Success audits record successful attempts and Failure audits record unsuccessful attempts.
If you do not configure this policy setting, no audit event is generated on an IPSec filter driver operation.
Volume: Low.
Default: No Auditing.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\System\Audit IPsec Driver
(2) REG: INFO NOT AVAILABLE
Platform: |
Microsoft Windows 7 |