Check: WN19-00-000350
Microsoft Windows Server 2019 STIG:
WN19-00-000350
(in versions v3 r2 through v1 r1)
Title
Windows Server 2019 must not have Simple TCP/IP Services installed. (Cat II impact)
Discussion
Unnecessary services increase the attack surface of a system. Some of these services may not support required levels of authentication or encryption or may provide unauthorized access to the system.
Check Content
Open "PowerShell". Enter "Get-WindowsFeature | Where Name -eq Simple-TCPIP". If "Installed State" is "Installed", this is a finding. An Installed State of "Available" or "Removed" is not a finding.
Fix Text
Uninstall the "Simple TCP/IP Services" feature. Start "Server Manager". Select the server with the feature. Scroll down to "ROLES AND FEATURES" in the right pane. Select "Remove Roles and Features" from the drop-down "TASKS" list. Select the appropriate server on the "Server Selection" page and click "Next". Deselect "Simple TCP/IP Services" on the "Features" page. Click "Next" and "Remove" as prompted.
Additional Identifiers
Rule ID: SV-205680r958478_rule
Vulnerability ID: V-205680
Group Title: SRG-OS-000095-GPOS-00049
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
Configure the system to provide only organization-defined mission essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |