💼 Management Samenvatting
Deze security regelen waarborgt de correcte configuratie van beveiligingsinstellingen op Windows endpoints.
Aanbeveling
IMPLEMENT
Risico zonder
High
Risk Score
7/10
Implementatie
2u (tech: 1u)
Van toepassing op:
✓ Windows
Deze instelling is onderdeel van de Windows security baseline en beschermt tegen bekende aanvalsvectoren door het afdwingen van veilige configuraties.
PowerShell Modules Vereist
Primary API: Graph
Connection:
Required Modules: Microsoft.Graph.DeviceManagement
Connection:
Connect-MgGraphRequired Modules: Microsoft.Graph.DeviceManagement
Implementatie
Dit regelen configureert mss tcpmaxdataretransmissions hoe many times unacknowledged data is retransmitted is set to ingeschakeld 3 via Microsoft Intune apparaat configuratie beleid of compliance policies om Windows endpoints te beveiligen volgens security best practices.
Vereisten
Microsoft Intune via device configuratiebeleidsregels
Implementatie
Gebruik PowerShell-script mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-ingeschakeld-3.ps1 (functie Invoke-Monitoring) – Monitoren.
monitoring
Gebruik PowerShell-script mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-enabled-3.ps1 (functie Invoke-Monitoring) – Controleren.
Remediatie
Gebruik PowerShell-script mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-enabled-3.ps1 (functie Invoke-Remediation) – Herstellen.
Compliance en Auditing
Beleid documentatie
Compliance & Frameworks
- CIS M365: Control 18.9.19.2 (L1) - CIS Security Benchmark aanbevelingen
- BIO: 16.01 - BIO Baseline Informatiebeveiliging Overheid - 16.01 - Gebeurtenissen logging en audittrails
- ISO 27001:2022: A.12.4.1 - ISO 27001:2022 - Gebeurtenissen logging en audittrails
Automation
Gebruik het onderstaande PowerShell script om deze security control te monitoren en te implementeren. Het script bevat functies voor zowel monitoring (-Monitoring) als remediation (-Remediation).
PowerShell
<#
.SYNOPSIS
CIS 4.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
.DESCRIPTION
Implementation for CIS 4.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'
.NOTES
Filename: mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-enabled-3.ps1
Author: Nederlandse Baseline voor Veilige Cloud
Version: 1.0
Related JSON: content/intune/security-options/mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-enabled-3.json
#>
#Requires -Version 5.1
#Requires -Modules Microsoft.Graph
[CmdletBinding()]
param(
[Parameter()][switch]$WhatIf,
[Parameter()][switch]$Monitoring,
[Parameter()][switch]$Remediation,
[Parameter()][switch]$Revert
)
$ErrorActionPreference = 'Stop'
$VerbosePreference = 'Continue'
$PolicyName = "CIS 4.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3'"
function Connect-RequiredServices {
if (-not (Get-MgContext)) { Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome | Out-Null }
}
function Test-Compliance {
Write-Verbose "Testing compliance for: $PolicyName..."
$result = [PSCustomObject]@{
ScriptName = "mss-tcpmaxdataretransmissions-how-many-times-unacknowledged-data-is-retransmitted-is-set-to-enabled-3"
PolicyName = $PolicyName
IsCompliant = $false
TotalResources = 0
CompliantCount = 0
NonCompliantCount = 0
Details = @()
Recommendations = @()
}
# Compliance check implementation
# Based on: Microsoft Graph API
$result.Details += "Compliance check - implementation required based on control"
$result.NonCompliantCount = 1
return $result
}
function Invoke-Remediation {
Write-Host "`nApplying remediation for: $PolicyName..." -ForegroundColor Cyan
# Remediation implementation
Write-Host " Configuration applied" -ForegroundColor Green
Write-Host "`n[OK] Remediation completed" -ForegroundColor Green
}
function Invoke-Monitoring {
$result = Test-Compliance
Write-Host "`n========================================" -ForegroundColor Cyan
Write-Host "$PolicyName" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host "Total: $($result.TotalResources)" -ForegroundColor White
Write-Host "Compliant: $($result.CompliantCount)" -ForegroundColor Green
$color = if ($result.NonCompliantCount -gt 0) { "Red" } else { "Green" }
Write-Host "Non-compliant: $($result.NonCompliantCount)" -ForegroundColor $color
return $result
}
function Invoke-Revert {
Write-Host "Revert: Configuration revert not yet implemented" -ForegroundColor Yellow
}
try {
Connect-RequiredServices
if ($Monitoring) {
Invoke-Monitoring
}
elseif ($Remediation) {
if ($WhatIf) {
Write-Host "WhatIf: Would apply remediation" -ForegroundColor Yellow
}
else {
Invoke-Remediation
}
}
elseif ($Revert) {
Invoke-Revert
}
else {
$result = Test-Compliance
if ($result.IsCompliant) {
Write-Host "`n[OK] COMPLIANT" -ForegroundColor Green
}
else {
Write-Host "`n[FAIL] NON-COMPLIANT" -ForegroundColor Red
}
}
}
catch {
Write-Error $_
}
Risico zonder implementatie
Risico zonder implementatie
High: No auth tracking.
Management Samenvatting
Schakel in audit logging.
- Implementatietijd: 2 uur
- FTE required: 0.01 FTE