Microsoft iSCSI Initiator Service (MSiSCSI)ID: oval:org.secpod.oval:def:80603 | Date: (C)2022-06-02 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
Manages Internet SCSI (iSCSI) sessions from this computer to remote target devices.
This service is critically necessary in order to directly attach to an iSCSI device. However,
iSCSI itself uses a very weak authentication protocol (CHAP), which means that the
passwords for iSCSI communication are easily exposed, unless all of the traffic is isolated
and/or encrypted using another technology like IPsec. This service is generally more
appropriate for servers in a controlled environment then on workstations requiring high
security.
Default: Manual.
Counter Measure:
The recommended state for this setting is Disabled.
Potential Impact:
The computer will not be able to directly login to or access iSCSI targets.
Fix:
(1) GPO: Computer Configuration\Windows Settings\Security Settings\System Services\Microsoft iSCSI Initiator Service
(2) REG: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI!Start
Platform: |
Microsoft Windows 10 |