Check: 5.004
Windows Vista STIG:
5.004
(in versions v6 r42 through v6 r41)
Title
Installed FTP server is configured to allow prohibited logins. (Cat II impact)
Discussion
The FTP (File Transfer Protocol) service allows remote users to access shared files and directories. Allowing anonymous FTP makes user auditing difficult. Logging on to FTP with accounts that have administrator privileges risks the user ID and password being captured on the network, which would give administrator access to an unauthorized user.
Check Content
In the “Command Prompt” window, enter the following command, and attempt to log on as the user “anonymous”:

    C:\>ftp 127.0.0.1
    (Connected to ftru014538.ncr.disa.mil.
    220 ftru014538 Microsoft FTP Service (Version 2.0).)
    User: anonymous
    (331 Anonymous access allowed, send identity (e-mail name) as password.)
    Password: password
    (230 Anonymous user logged in.)
    ftp>

If the command response indicates that an anonymous FTP login was permitted, then this is a finding.

Severity Override: If accounts with administrator privileges are used to access FTP, then this becomes a Category I finding.
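The anonymous logon test from the check, automated with Python's standard `ftplib` so it can be repeated across hosts. This is an added example, not part of the STIG text. The status labels and the `start_stub_server` helper (a constructed loopback stub for exercising the check offline) are assumptions of this example.

```python
import ftplib
import socket
import threading

def check_anonymous_ftp(host="127.0.0.1", port=21, timeout=5):
    """Attempt the anonymous logon from the check; return (status, detail)."""
    ftp = ftplib.FTP()
    try:
        ftp.connect(host, port, timeout=timeout)      # reads the 220 banner
    except ftplib.all_errors as exc:
        return "no_service", str(exc)
    try:
        reply = ftp.login("anonymous", "password")    # USER / PASS as typed in the check
    except ftplib.error_perm as exc:                  # 5xx reply: logon refused
        return "not_a_finding", str(exc)
    except ftplib.all_errors as exc:                  # dropped session, timeout, 4xx
        return "inconclusive", str(exc)
    finally:
        ftp.close()
    # 230 means the anonymous user is logged in, which the check defines as a finding
    return ("finding" if reply.startswith("230") else "inconclusive"), reply

def start_stub_server(allow_anonymous):
    """Constructed one-connection FTP stub on a loopback port; returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        srv.close()
        with conn, conn.makefile("rwb") as f:
            reply = b"220 Constructed stub FTP service\r\n"
            while True:
                f.write(reply)
                f.flush()
                verb = f.readline().split(b" ")[0].strip().upper()
                if not verb:
                    break                             # client closed the session
                if verb == b"USER":
                    reply = b"331 Anonymous access allowed, send identity as password.\r\n"
                elif verb == b"PASS" and allow_anonymous:
                    reply = b"230 Anonymous user logged in.\r\n"
                else:
                    reply = b"530 User anonymous cannot log in.\r\n"
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(check_anonymous_ftp())                      # the local service, as in the check
```

A `no_service` or `inconclusive` result still needs a manual look, since the script cannot tell whether an FTP service is installed but stopped or listening on another port.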
Fix Text
Configure the system to prevent an installed FTP service from allowing prohibited logons.
Additional Identifiers
Rule ID: SV-29492r1_rule
Vulnerability ID: V-1120
Group Title: Prohibited FTP Logins
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |