|Paid content will be excluded from the download.
| Matches : 23631
|Automatically lock the account until the locked accoutn is released
By limiting the number of failed login attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute forcing, is reduced. Limits are imposed by locking the account. Setting a lockout expiration of 15 minutes is an effective deterrent against brute forcing that also makes allowances for legi ...
Disable NFS Services if Not in Use
If the system does not require access to NFS (Network File System) file shares or is not acting as an NFS server, then support for NFS is non-essential and NFS services must be disabled. NFS is a network file system protocol supported by Unix-like operating systems. Enabling any service increases the attack surface for an intruder. By disabling unnecessary servi ...
Disable File Sharing Services
File Sharing is non-essential and must be disabled. Enabling any service increases the attack surface for an intruder. By disabling unnecessary services, the attack surface is minimized.
Disable Screen Sharing
The Screen Sharing feature allows remote users to view or control the desktop of the current user. A malicious user can take advantage of Screen Sharing to gain full access to the system remotely, either with stolen credentials or by guessing the username and password. Disabling Screen Sharing mitigates this risk.
Disable the Finger Service
The finger service has had several security vulnerabilities in the past and is not a necessary service. It is disabled by default; enabling it would increase the attack surface of the system.
Disable the Insecure SSH Version (privileged accounts)
The SSH Version should be explicity set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attacks. The system default is to only enable Vers ...
Disable the Insecure SSH Version (Non privileged accounts)
The SSH Version should be explicity set to Version 2. Version 2 supports strong crypto and was rewritten from scratch to resolve several weaknesses in Version 1 that make it extremely vulnerable to attackers. The weaker crypto in Version 1 is potentially susceptible to certain forms of replay attacks. The system default is to only enable ...
Disable the Prompt for Apple ID and iCloud
The prompt for Apple ID and iCloud must be disabled, as it might mislead new users into creating unwanted Apple IDs and iCloud storage accounts upon their first login.
Disable Wi-Fi if Not Required
The kernel extension for Wi-Fi network devices such as Airport must be removed to ensure that users will not be able to reactivate wireless networking at a later time. System updates will sometimes replace deleted kernel extensions. Administrator users may need to periodically check to ensure that the file remains deleted. Alternately, the wireless card hardware may ...
Display the Mandatory DoD Notice and Consent Banner to Users at Logon
Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.
System use notifications are required only for ...
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   2363
© 2013 SecPod Technologies