[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30475 Download | Alert*

Administrator users must never log in directly as root. To assure individual accountability and prevent unauthorized access, logging in as root over a remote connection must be disabled. Administrators should only run commands as root after first authenticating with their individual user names and passwords. Fix: In order to make sure that PermitRootLogin is disabled by sshd, run the following co ...

External writeable media devices must be disabled for users. External USB devices are a potential vector for malware and can be used to exfiltrate sensitive data if an approved data-loss prevention (DLP) solution is not installed. Fix: Renaming or Removing /System/Library/Extensions/IOUSBMassStorageClass.kext folder will disable the USB storage access ability for users

SSH _MUST_ be configured with an Active Server Alive Maximum Count set to zero. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session or an incomplete login attempt will also free ...

If SSHD is enabled then it _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 validated. FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements. Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to c ...

The account lockout threshold specifies the amount of times a user can enter an incorrect password before a lockout will occur. Ensure that a lockout threshold is part of the password policy on the computer. The account lockout feature mitigates brute-force password attacks on the system. The number of incorrect log on attempts should be reasonably small to minimize the possibility of a successf ...

The macOS _MUST_ be configured to require at least one lower-case character an one upper-case character be used when a password is created. This rule enforces password complexity by requiring users to set passwords that are less vulnerable to malicious users. Fix: To set the password policy, run the following command: sudo pwpolicy setglobalpolicy 'requiresMixedCase=1' NOTE: See the password ...

If the system does not require Remote Apple Events, support for Apple Remote Events is non-essential and _MUST_ be disabled. The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling. Fix: /usr/sbin/systemsetup -setre ...

If SSHD is enabled then it _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 validated. FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements. Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to c ...

NFS sharing could be enabled to allow someone on another computer to mount shares and gain access to information from the users computer. File serving should not be done from a user desktop, dedicated servers should be used. Open ports make it easier to exploit the computer. Fix nfsd disable

A source-routed packet attempts to specify the network path the packet should take. If the system is not configured to block the incoming source-routed packets, an attacker can redirect the system's network traffic. Configuring the system to drop incoming source-routed IPv4 packets mitigates this risk. Fix: To configure the system to not accept source-routed packets, add the following line to /et ...


Pages:      Start    24    25    26    27    28    29    30    31    32    33    34    35    36    37    ..   3047

© SecPod Technologies