Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Dedicated systems used for managing Active Directory remotely must be blocked from Internet Access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-36437 | AD.0007 | SV-47843r2_rule | ECSC-1 | Medium |
| Description |
|---|
| A system used to manage Active Directory provides access to highly privileged areas of a domain. Such a system with Internet access may be exposed to numerous attacks and compromise the domain. Restricting Internet access for dedicated systems used to manage Active Directory will aid in protecting privileged domain accounts from being compromised. |
| STIG | Date |
|---|---|
| Active Directory Domain Security Technical Implementation Guide (STIG) | 2017-12-15 |
Details
| Check Text ( C-44679r4_chk ) |
|---|
| Verify access to the internet is prevented for systems dedicated to managing Active Directory. Various methods may be employed to accomplish this, such as restrictions at boundary firewalls, through proxy services, or with the Windows Firewall. Review the Internet access restrictions with the administrator. If Internet access is not prevented, this is a finding. |
| Fix Text (F-40969r3_fix) |
|---|
| Block Internet access for systems dedicated to managing Active Directory. This can be accomplished by restrictions at boundary firewalls, proxy services, with the Windows Firewall or other methods. |