3.061 - Unencrypted remote access is permitted to system services.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

This is a category 1 finding because when unencrypted access to system services is permitted, an intruder can intercept user identification and passwords that are being transmitted in clear text. This could give an intruder unlimited access to the network.

Solution

Encryption of userid and password information is required.

Encryption of the user data inside the network firewall is also highly recommended.

Encryption of user data coming from or going outside the network firewall is required.

Encryption for administrator data is always required.

Refer to the Enclave Security STIG section on 'FTP and Telnet,' for detailed information on its use.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2008_MS_V6R46_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-17(2), CAT|I, CCI|CCI-000068, Rule-ID|SV-29696r1_rule, STIG-ID|3.061, Vuln-ID|V-2908

Plugin: Windows

Control ID: af35c46ca7c78f0afceb951dbfb2640de134de089c552faf06226843f08c0f70