Check: WN12-SV-000101
Microsoft Windows Server 2012/2012 R2 Domain Controller STIG:
WN12-SV-000101
(in versions v3 r7 through v2 r7)
Title
The Microsoft FTP service must not be installed unless required. (Cat II impact)
Discussion
Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authentication or encryption.
Check Content
If the server has the role of an FTP server, this is NA. Run "Services.msc". If the "Microsoft FTP Service" (Service name: FTPSVC) is installed and not disabled, this is a finding.
Fix Text
Remove or disable the "Microsoft FTP Service" (Service name: FTPSVC). To remove the "FTP Server" role from a system: Start "Server Manager" Select the server with the "FTP Server" role. Scroll down to "ROLES AND FEATURES" in the left pane. Select "Remove Roles and Features" from the drop down "TASKS" list. Select the appropriate server on the "Server Selection" page, click "Next". De-select "FTP Server" under "Web Server (IIS). Click "Next" and "Remove" as prompted.
Additional Identifiers
Rule ID: SV-226354r794640_rule
Vulnerability ID: V-226354
Group Title: SRG-OS-000096-GPOS-00050
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |