Back

Disable Universal Plug and Play device host unless Universal Plug and Play device host use is absolutely necessary.


CONTROL ID
01832
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Disable all unnecessary services unless otherwise noted in a policy exception., CC ID: 00880

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The organization must only enable Universal Plug and Play Device Host if absolutely necessary. Normal use of the terminal service on a workstation terminates the existing interactive logon session; however, if remote assistance is enabled, any existing session can be shared between two computers. (§ 4.1.22, The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01)
  • Table F-3: For Windows 2000 Professional, the organization must configure the permissions for Universal Plug and Play Device Host to Administrators: Full Control; System: Read; and System: Start, Stop, and Pause. Table F-4: For Windows XP Professional, the organization must configure the permissions… (Table F-3, Table F-4, CMS Business Partners Systems Security Manual, Rev. 10)
  • The Universal Plug and Play Device Host service should be Disabled, unless absolutely necessary. If it is Enabled, there should be a documented and justified reason. (§ 5.2.2.1, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • For Specialized Security - Limited Functionality systems, this service should be Disabled. For all other Windows XP environments, this service is Not Defined. (§ 3.1.3, § 6.5, Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1)
  • This service allows devices to be configured automatically upon installation. The Universal Plug and Play service is Not Defined for Enterprise Client environments and should be Disabled for Specialized Security - Limited Functionality environments. (Pg 70, NSA Guide to Security Microsoft Windows XP)