System Preferences must be securely configured so IPv6 is turned off if not being used.

From Apple OS X 10.9 (Mavericks) Workstation Security Technical Implementation Guide

Part of SRG-OS-000480

Associated with: CCI-000366

SV-72889r1_rule System Preferences must be securely configured so IPv6 is turned off if not being used.

Vulnerability discussion

Security appliances and firewalls are not always IPv6 aware, meaning that IPv6 traffic is frequently unfiltered and unprotected. If it is not in use, it should be disabled.

Check content

Run the following command to check if IPv6 is enabled on any network interfaces: sudo networksetup -listallnetworkservices | (while read dev; do echo "$dev"; networksetup -getinfo "$dev" | grep IPv6:; echo ; done) If there is an enabled network interface without the setting 'IPv6: Off' and it does not require IPv6, this is a finding.

Fix text

Run the following command to turn off IPv6 addressing for the Ethernet interface: sudo networksetup -setv6off 'Ethernet' Repeat this command for each enabled interface, interface names are case sensitive.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer