[Forgot Password]
Login  Register Subscribe

30192

 
 

423868

 
 

233236

 
 

909

 
 

186272

 
 

207

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 30192 Download | Alert*

Unapproved mechanisms for authentication to the cryptographic module are not verified, and therefore cannot be relied upon to provide confidentiality or integrity, resulting in the compromise of DoD data. Operating systems using encryption are required to use FIPS-compliant mechanisms for authenticating to cryptographic modules. The implementation of OpenSSH that is included with macOS does not ...

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity or strength is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor in determining how long it takes to crack a password. The more complex the password, the greater the number of possible com ...

The audit service _MUST_ be configured to immediately print messages to the console or email administrator users when an auditing failure occurs. It is critical for the appropriate personnel to be made aware immediately if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of a potentially harmful failure in the auditing ...

The system _MUST_ be configured to enforce multifactor authentication. All users _MUST_ go through multifactor authentication to prevent unauthenticated access and potential compromise to the system. NOTE: /etc/pam.d/login will be automatically modified to its original state following any update or major upgrade to the operating system. Setting the default value to "yes" will mess up s ...

The macOS _MUST_ be configured to disable accounts after 35 days of inactivity. This rule prevents malicious users from making use of unused accounts to gain access to the system while avoiding detection. Fix: sudo pwpolicy setglobalpolicy 'maxMinutesOfNonUse=50400' Note: 35 Days = 50400 minutes Patching the CCE led to unexpected outcome and hence its not being automated. If you consider patch ...

Setting a hot corner to disable the screen saver poses a potential security risk since an unauthorized person could use this to bypass the login screen and gain access to the system. Fix: $ sudo -u <username> defaults read com.apple.dock wvous-tl-corner $ sudo -u <username> defaults read com.apple.dock wvous-bl-corner $ sudo -u <username> defaults read com.apple.dock wvous-tr-co ...

Disabling Internet Sharing reduces the remote attack surface of the system. Internet sharing allows the computer to function as a router and other computers to use it for access. This can expose both the computer itself and the networks it is accessing to unacceptable access from unapproved devices. Fix: sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.nat NAT -dict Enabled ...

Automatically checking for updates makes it easier for the user to know when updates are available. It is important that a system has the newest updates applied to prevent unauthorized persons from exploiting identified vulnerabilities. Fix: defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -int 1

A filename extension is a suffix added to a base filename that indicates the base filenames file format. Visible filename extensions allow for the user to identify file types and the applications that files are associated with. It would help in identifying malicious files. Fix: defaults write /Users/"$currentUser"/Library/Preferences/.GlobalPreferences.plist AppleShowAllExtensions -bool ...

A source-routed packet attempts to specify the network path that the system should take. If the system is not configured to block the sending of source-routed packets, an attacker can redirect the system's network traffic. Fix: To configure the system to not forward source-routed packets, add the following line to /etc/sysctl.conf: net.inet.ip.sourceroute=0


Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   3019

© SecPod Technologies