Network access: Named Pipes that can be accessed anonymouslyID: oval:gov.nist.usgcb.windowsseven:def:90 | Date: (C)2012-04-13 (M)2023-07-14 |
Class: COMPLIANCE | Family: windows |
This policy setting determines which communication sessions, or pipes, have attributes and permissions that allow anonymous access. Restricting access over named pipes such as COMNAP and LOCATOR helps prevent unauthorized access to the network. The table in the Vulnerability section lists default named pipes and their purpose. A named pipe is a Windows specific interprocess communication method that allows processes on the same or different systems to communicate with each other. This setting allows you to define exceptions to the is enabled. This setting is necessary since there are a few components of Windows with name pipes that must allow anonymous access in order to function.
This security setting determines which communication sessions (pipes) will have attributes and permissions that allow anonymous access.
Default: None.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Named Pipes that can be accessed anonymously
(2) REG: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters!NullSessionPipes
Platform: |
Microsoft Windows 7 |