From Remote Endpoint STIG
Part of SRC-EPT-191 Disable incoming dial-up capability
Associated with IA controls: ECSC-1
Accepting incoming dial up connection on a device not intended for dial up opens an attack surface.
This check verifies that the remote access software is configured for dial-out only. Navigate to the Services applet in the Administrative Tools folder. Check the services listing for the Remote Access Service (or other third party remote access software service) and view the properties. Highlight the communications port and select Configure. Verify “dial-out only” is selected. If a modem is installed and enabled in the active profile, the SA should demonstrate that auto or manual answer modes are not used. Work with the SA to review the configuration of several remote access devices. On the client device, this setting is usually enabled in the specific communications software used. All communications software, regardless of function must have this capability disabled if available. Some examples are: Winfax and other fax software, PcAnywhere and other remote access software, Internet and POTS phone dialers, etc. While it is not possible to write checks for all possible applications, the reviewer should work with the SA to review the settings of all installed RAS applications. If the remote devices are not available for review, ensure the disabling of this setting is addressed in the user agreement, training materials, or site remote device configuration procedures.
Disable incoming dialup.
Lavender hyperlinks in small type off to the right (of CSS
class id
, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle
or
Accept: application/rdf+xml
.
Powered by sagemincer