External writeable media devices must be disabled for users. External USB devices are a potential vector for malware and can be used to exfiltrate sensitive data if an approved data-loss prevention (DLP) solution is not installed.
Fix:
Renaming or removing the /System/Library/Extensions/IOUSBMassStorageClass.kext folder disables USB mass storage access for users.
SSH _MUST_ be configured with an Active Server Alive Maximum Count set to zero. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session or an incomplete login attempt will also free ...
If SSHD is enabled then it _MUST_ be configured to limit the Message Authentication Codes (MACs) to algorithms that are FIPS 140 validated.
FIPS 140-2 is the current standard for validating that mechanisms used to access cryptographic modules utilize authentication that meets federal requirements.
Operating systems utilizing encryption _MUST_ use FIPS validated mechanisms for authenticating to c ...
The account lockout threshold specifies the number of times a user can enter an incorrect password before a lockout occurs. Ensure that a lockout threshold is part of the password policy on the computer.
The account lockout feature mitigates brute-force password attacks on the system.
The number of incorrect logon attempts should be reasonably small to minimize the possibility of a successf ...
The macOS _MUST_ be configured to require that at least one lower-case character and one upper-case character be used when a password is created.
This rule enforces password complexity by requiring users to set passwords that are less vulnerable to malicious users.
Fix:
To set the password policy, run the following command:
sudo pwpolicy setglobalpolicy 'requiresMixedCase=1'
NOTE: See the password ...
If the system does not require Remote Apple Events, support for Remote Apple Events is non-essential and _MUST_ be disabled.
The information system _MUST_ be configured to provide only essential capabilities. Disabling Remote Apple Events helps prevent the unauthorized connection of devices, the unauthorized transfer of information, and unauthorized tunneling.
Fix:
/usr/sbin/systemsetup -setre ...
NFS sharing could be enabled to allow someone on another computer to mount shares and gain access to information on the user's computer. File serving should not be done from a user desktop; dedicated servers should be used. Open ports make it easier to exploit the computer.
Fix:
nfsd disable
A source-routed packet attempts to specify the network path the packet should take. If the system is not configured to block the incoming source-routed packets, an attacker can redirect the system's network traffic. Configuring the system to drop incoming source-routed IPv4 packets mitigates this risk.
Fix:
To configure the system to not accept source-routed packets, add the following line to /et ...
Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically.
One method of minimizing this risk is to use complex passwords and periodically change them. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised.
Fix ...