Check: WN12-SV-000101
Microsoft Windows Server 2012/2012 R2 Member Server STIG:
WN12-SV-000101
(in versions v3 r7 through v2 r7)
Title
The Microsoft FTP service must not be installed unless required. (Cat II impact)
Discussion
Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authentication or encryption.
Check Content
If the server has the role of an FTP server, this is NA. Run "Services.msc". If the "Microsoft FTP Service" (Service name: FTPSVC) is installed and not disabled, this is a finding.
Fix Text
Remove or disable the "Microsoft FTP Service" (Service name: FTPSVC). To remove the "FTP Server" role from a system: Start "Server Manager" Select the server with the "FTP Server" role. Scroll down to "ROLES AND FEATURES" in the left pane. Select "Remove Roles and Features" from the drop down "TASKS" list. Select the appropriate server on the "Server Selection" page, click "Next". De-select "FTP Server" under "Web Server (IIS). Click "Next" and "Remove" as prompted.
Additional Identifiers
Rule ID: SV-225529r569185_rule
Vulnerability ID: V-225529
Group Title: SRG-OS-000096-GPOS-00050
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000382 |
The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services. |
Controls
| Number | Title |
|---|---|
| CM-7 |
Least Functionality |