MSS: (Hidden) Hide computer from the browse list (Not Recommended except for highly secure environments)ID: oval:gov.nist.usgcb.windowsseven:def:20013 | Date: (C)2012-04-13 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
Hiding the computer from the Browse List removes one method attackers might use to gether information about computers on the network.
You can configure a computer so that it does not send announcements to browsers on the domain. If you do, you hide the computer from the Network Browser list; it does not announce itself to other computers on the same network.
Vulnerability:
An attacker who knows the name of a computer can more easily gather additional information about the computer. If you enable this entry, you remove one method that an attacker might use to gather information about computers on the network. Also, if you enable this entry you can help reduce network traffic. However, the vulnerability is small because attackers can use alternative methods to identify and locate potential targets.
Countermeasure:
Do not configure the Hidden entry except on highly secure computers, where it should be configured to a value of 1 (enabled).
Potential impact:
The computer does not appear on the Browser list or in Network list on other computers on the same network.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\MSS: (Hidden) Hide Computer From the Browse List (not recommended except for highly secure environments)
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Lanmanserver\Parameters!Hidden
Platform: |
Microsoft Windows 7 |