SMB Signing Disabled Vulnerability

Vulnerability:

SMB Signing Disabled

Risk Level = Medium

Remediation :

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
> Configure the following security policy settings as follows:
o Disable Microsoft Network Client: Digitally Sign Communications (Always).
o Disable Microsoft Network Server: Digitally Sign Communications (Always).
o Enable Microsoft Network Client: Digitally Sign Communications (If Server Agrees).
o Enable Microsoft Network Server: Digitally Sign Communications (If Client Agrees).

Comments

Post a Comment

Popular posts from this blog

Terminal Services Doesn't Use Network Level Authentication (NLA) Only

Vulnerability: Terminal Services Doesn't Use Network Level Authentication (NLA) Only Risk Level: Medium Remediation : To configure Network Level Authentication for a connection 1. On the RD Session Host server, open Remote Desktop Session Host Configuration. To open Remote Desktop Session Host Configuration, click Start, point to Administrative Tools, point to Remote Desktop Services, and then click Remote Desktop Session Host Configuration. 2. Under Connections, right-click the name of the connection, and then click Properties. 3. On the General tab, select the Allow connections only from computers running Remote Desktop with Network Level Authentication check box.
Read more

Terminal Services Encryption Level Vulnerability

Vulnerability: Terminal Services Encryption Level is Medium or Low Risk Level = Medium Remediation: Set Encryption Level to High Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC) FIPS Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting. This Group Policy setting is located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Read more

Terminal Services Encryption Level is not FIPS-140 Compliant Vulnerability

Vulnerability: Terminal Services Encryption Level is not FIPS-140 Compliant Risk Level = Medium Remediation: FIPS Use FIPS compliant algorithms for encryption, hashing, and signing Group Policy setting. This Group Policy setting is located in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options and can be configured by using either the Local Group Policy Editor or the Group Policy Management Console (GPMC).
Read more