Details
Manages Internet SCSI (iSCSI) sessions from this computer to remote target devices.
The recommended state for this setting is: Disabled.
Rationale:
This service is critically necessary in order to directly attach to an iSCSI device. However, iSCSI itself uses a very weak authentication protocol (CHAP), which means that the passwords for iSCSI communication are easily exposed, unless all of the traffic is isolated and/or encrypted using another technology like IPsec. This service is generally more appropriate for servers in a controlled environment then on workstations requiring high security.
Impact:
The computer will not be able to directly login to or access iSCSI targets.
Solution
To establish the recommended configuration via GP, set the following UI path to: Disabled.
Computer ConfigurationPoliciesWindows SettingsSecurity SettingsSystem ServicesMicrosoft iSCSI Initiator Service
Default Value:
Manual
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.