Details

This is a Category 1 finding because it allows anonymous logon users (null session connections) to list all account names and enumerate all shared resources, thus providing a map of potential points to attack the system.

Solution

Configure the policy values for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> ‘Network access- Do not allow anonymous enumeration of SAM accounts’ and ‘Network access- Do not allow anonymous enumeration of SAM accounts and shares’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

• 800-53|SC-4
• CAT|I
• CCI|CCI-001090
• CSCv6|16
• Rule-ID|SV-28982r1_rule
• STIG-ID|3.018
• Vuln-ID|V-1093

Source

• Tenable.com/audits