Require Client SMB Packet Signing, if using mount.cifs
Require packet signing of clients who mount Samb
Ashares using the 'mount.cifs' program (e.g., those who specify shares
in '/etc/fstab'). To do so, ensure signing options (either
'sec=krb5i' or 'sec=ntlmv2i') are used.
See the 'mount.cifs(8)' man page for more information. A Samb
Aclient should only communicate with servers who can support SMB
packet signing.
Packet signing can prevent man-in-the-middle
attacks which modify SMB packets in transit.
Fix:
No Remediation Info
oval:org.secpod.oval:def:31223
oval:org.secpod.oval:def:30500
SCAP Repo OVAL Definition
2015-11-13