Title

The system is not configured to meet the minimum requirement for session security for NTLM SSP based clients. (Cat II impact)

Discussion

Microsoft has implemented a variety of security support providers for use with RPC sessions. In a homogenous Windows environment, all of the options should be enabled and testing should be performed in a heterogeneous environment to determine the maximum-security level that provides reliable functionality.

Check Content

Fix Text

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> “Network security: Minimum session security for NTLM SSP based (including secure RPC) clients” to “Require NTLMv2 session security”, ”Require 128-bit encryption” (all options selected).

Additional Identifiers

Rule ID: SV-25107r1_rule

Vulnerability ID: V-3382

Group Title: Session Security for NTLM SSP Based Clients

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.