Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25264 | OSX00120 M6 | SV-38516r1_rule | DCNR-1 ECCT-1 ECCT-2 | Medium |
Description |
---|
When configuring LDAPv3, do not add DHCP-supplied LDAP servers to automatic search policies if the network the computer is running on is not secure. If the network is unsecure, someone can create a rogue DHCP. Use authentication when connecting to LDAPv3 directories; disable clear text passwords for all LDAPv3 directories; digitally sign all LDAPv3 packets (requires Kerberos); encrypt all LDAPv3 packets (requires SSL or Kerberos); and block man-in-the-middle attacks (requires Kerberos). |
STIG | Date |
---|---|
MAC OSX 10.6 Workstation Security Technical Implementation Guide Draft | 2013-01-10 |
Check Text ( C-37731r1_chk ) |
---|
Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click the Security tab and verify the "Use authentication when connecting" is checked. If option is not checked, this is a finding. |
Fix Text (F-32975r1_fix) |
---|
Open Finder. Click the Hard Drive icon. Double Click System. Double Click Library. Double Click CoreServices. Double Click Directory Utility. Click the Show Advanced Options button. Click Services tab. Click the Lock and enter the password to unlock the options (if needed). Click the LDAPv3 service. Click the Pencil icon. Highlight the Server Name/Configuration Name. Click Edit. Click on Security tab and select "Use authentication when connecting". |