3.089 - The system is not configured to meet the minimum requirement for session security for NTLM SSP based Servers.

Information

Microsoft has implemented a variety of security support providers for use with RPC sessions. In a homogeneous Windows environment, all of the options should be enabled; in a heterogeneous environment, testing should be performed to determine the maximum security level that provides reliable functionality.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' to 'Require NTLMv2 session security' and 'Require 128-bit encryption' (all options selected).
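
One way to audit the setting on a host, as an added example that is not part of the original check content. It assumes the policy is stored as the DWORD NtlmMinServerSec under the MSV1_0 LSA key and that the two options map to the flag bits shown; neither the key nor the bit values are stated on this page. The function name Test-NtlmMinServerSec is hypothetical.

```powershell
# Added example: audit the registry value behind the policy above.
# Assumption (not on the page): the policy is the DWORD NtlmMinServerSec here.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
$ValueName = 'NtlmMinServerSec'

# Assumed flag bits for the two options the Solution requires.
# Both selected together give 0x20080000.
$Required = [ordered]@{
    'Require NTLMv2 session security' = 0x00080000
    'Require 128-bit encryption'      = 0x20000000
}

function Test-NtlmMinServerSec {
    param($Value)

    # A missing value means the policy was never configured: no flags set.
    $current = if ($null -eq $Value) { 0 } else { [int]$Value }

    # Collect every required option whose bit is not set.
    $missing = @(foreach ($name in $Required.Keys) {
        if (($current -band $Required[$name]) -ne $Required[$name]) { $name }
    })

    [pscustomobject]@{
        Configured = ($null -ne $Value)
        Value      = '0x{0:X8}' -f $current
        Missing    = $missing
        Compliant  = ($missing.Count -eq 0)
    }
}

# Read the live value; a missing key or value yields $null instead of an error.
$raw = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
$result = Test-NtlmMinServerSec -Value $raw
$result | Format-List

if (-not $result.Compliant) {
    Write-Warning ('Options not enforced: ' + ($result.Missing -join ', '))
}
```

A host where only one of the two options is selected is reported as non-compliant, with the missing option named in the warning.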

See Also

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip