UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Dedicated systems used for managing Active Directory remotely must be blocked from Internet Access.


Overview

Finding ID Version Rule ID IA Controls Severity
V-36437 AD.0007 SV-47843r1_rule ECSC-1 Medium
Description
A system used to manage Active Directory provides access to highly privileged areas of a domain. Such a system with Internet access may be exposed to numerous attacks and compromise the domain. Restricting Internet access for dedicated systems used to manage Active Directory will aid in protecting privileged domain accounts from being compromised.
STIG Date
Active Directory Domain Security Technical Implementation Guide (STIG) 2014-04-01

Details

Check Text ( C-44679r4_chk )
Verify access to the internet is prevented for systems dedicated to managing Active Directory. Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, or with the Windows Firewall.

Review the Internet access restrictions with the administrator. If Internet access is not prevented, this is a finding.
Fix Text (F-40969r3_fix)
Block Internet access for systems dedicated to managing Active Directory. This can be accomplished by restrictions at boundary firewalls, proxy services, with the Windows Firewall or other methods.