Unencrypted remote access will not be permitted to system services.

From Windows Server 2008 R2 Domain Controller Security Technical Implementation Guide

Part of Unencrypted Remote Access

Associated with: CCI-000068

SV-32263r1_rule Unencrypted remote access will not be permitted to system services.

Vulnerability discussion

This is a category 1 finding because when unencrypted access to system services is permitted, an intruder can intercept user identification and passwords that are being transmitted in clear text. This could give an intruder unlimited access to the network.

Check content

Interview the IAO to ensure that encryption of userid and password information is required, and data is encrypted according to DoD policy. If the user account used for unencrypted remote access within the enclave (premise router) has administrator privileges, then this is a finding. If userid and password information used for remote access to system services from outside the enclave is not encrypted, then this is a finding.

Fix text

Encryption of userid and password information is required. Encryption of the user data inside the network firewall is also highly recommended. Encryption of user data coming from or going outside the network firewall is required. Encryption for administrator data is always required. Refer to the Enclave Security STIG section on “FTP and Telnet” for detailed information on its use.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer