Details
Just as running unneeded services and protocols is a danger to the web server at the lower levels of the OSI model, running unneeded utilities and programs is a danger at the application layer of the OSI model. Office suites, development tools, and graphic editors are examples of such troublesome programs.
Individual productivity tools have no legitimate place or use on an enterprise production web server and are prone to security risks. The web server installation process must provide options allowing the installer to choose which utility programs, services, and modules are to be installed or removed. By having a process for installation and removal, the web server is guaranteed to be in a more stable and secure state than if these services and programs were installed and removed manually.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Remove all utility programs, Operating System features, or modules installed that are not necessary for web server operation.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.
References
- 800-53|CM-7a.
- CAT|II
- CCI|CCI-000381
- CSCv6|9.1
- Rule-ID|SV-218797r561041_rule
- STIG-ID|IIST-SV-000123
- STIG-Legacy|SV-109233
- STIG-Legacy|V-100129
- Vuln-ID|V-218797