STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021: STIGQter: STIG Summary: Microsoft Windows Server 2012/2012 R2 Domain Controller Security Technical Implementation Guide Version: 3 Release: 2 Benchmark Date: 04 May 2021:SV-226258r569184_rule
V-226258
SRG-OS-000480-GPOS-00227
WN12-GE-000027
CAT I
10
Configure the system to only allow FTP access to specific folders containing the data to be available through the service.
If FTP is not installed on the system, this is NA.
Determine the IP address and port number assigned to FTP sites from documentation or configuration.
If Microsoft FTP is used, open "Internet Information Services (IIS) Manager".
Select "Sites" under the server name.
For any sites that reference FTP, view the Binding information for IP address and port. The standard port for FTP is 21, however this may be changed.
Open a "Command Prompt".
Access the FTP site and review accessible directories with the following commands:
Note: Returned results may vary depending on the FTP server software.
C:\> "ftp"
ftp> "Open IP Address Port"
(Substituting [IP Address] and [Port] with the information previously identified. If no IP Address was listed in the Binding, attempt using "localhost".)
(Connected to IP Address
220 Microsoft FTP Service)
User (IP Address): "FTP User"
(Substituting [FTP User] with an account identified that is allowed access. If it was determined that anonymous access was allowed to the site [see V-1120], also review access using "anonymous".)
(331 Password required)
Password: "Password"
(Substituting [Password] with password for the account attempting access.)
(230 User ftpuser logged in.)
ftp> "Dir"
If the FTP session indicates access to areas of the system other than the specific folder for FTP data, such as the root of the drive, Program Files or Windows directories, this is a finding.
V-226258
False
WN12-GE-000027
If FTP is not installed on the system, this is NA.
Determine the IP address and port number assigned to FTP sites from documentation or configuration.
If Microsoft FTP is used, open "Internet Information Services (IIS) Manager".
Select "Sites" under the server name.
For any sites that reference FTP, view the Binding information for IP address and port. The standard port for FTP is 21, however this may be changed.
Open a "Command Prompt".
Access the FTP site and review accessible directories with the following commands:
Note: Returned results may vary depending on the FTP server software.
C:\> "ftp"
ftp> "Open IP Address Port"
(Substituting [IP Address] and [Port] with the information previously identified. If no IP Address was listed in the Binding, attempt using "localhost".)
(Connected to IP Address
220 Microsoft FTP Service)
User (IP Address): "FTP User"
(Substituting [FTP User] with an account identified that is allowed access. If it was determined that anonymous access was allowed to the site [see V-1120], also review access using "anonymous".)
(331 Password required)
Password: "Password"
(Substituting [Password] with password for the account attempting access.)
(230 User ftpuser logged in.)
ftp> "Dir"
If the FTP session indicates access to areas of the system other than the specific folder for FTP data, such as the root of the drive, Program Files or Windows directories, this is a finding.
M
4217