Check: 3.061
windows 7 iavm:
3.061
(in version v1 r32)
Title
Unencrypted remote access to system services must not be permitted. (Cat I impact)
Discussion
Unencrypted access to system services may permit user identification and passwords that are being transmitted in clear text to be intercepted. This could provide an intruder access to the network.
Check Content
Verify encryption is required for remote access. If userid and password information are not encrypted, this is a finding. If administrator data is not encrypted, this is a finding. If user data coming from or going outside the enclave is not encrypted, this is a finding.
Fix Text
Require encryption for remote access. Encryption of userid and password information is always required. Encryption of administrator data is always required. Encryption of user data coming from or going outside the network firewall is required. Encryption of the user data inside the network firewall is also highly recommended.
Additional Identifiers
Rule ID:
Vulnerability ID: V-2908
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000068 |
Implement cryptographic mechanisms to protect the confidentiality of remote access sessions. |
Controls
| Number | Title |
|---|---|
| AC-17(2) |
Protection of Confidentiality / Integrity Using Encryption |