Back

Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" to organizational standards.


CONTROL ID
07730
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure Key, Certificate, Password, Authentication and Identity Management settings in accordance with organizational standards., CC ID: 07621

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (129EA24B-BAA4-4DE0-A500-D3FB5DEDC666, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (00A154A4-682F-4E15-A548-EB63CE62E039, Win7SP1 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (A215558E-28A3-411C-963E-A7CA5F4CE98D, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (87510082-B2A3-4B17-A183-DCB334CC3E00, Win8 Computer Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (59DB68E1-0A0B-43B8-84BB-CCE511AC95D5, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (FBA2072F-B090-4088-AAF9-49BAF3882BCF, WS2008R2SP1 Domain Controller Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (E7650D31-1FDD-4AD1-A879-0711228E3523, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (8E87241C-8E6D-40B1-9B04-8E4608990A3E, WS2008R2SP1 Member Server Security Compliance, 1.1)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (D831D394-E219-4960-9BF9-10C204039512, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (38824DB4-43DF-4D4C-869D-2DEDDD8C9877, WS2012 Domain Controller Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (7FE84C03-D706-4D1A-9293-2FE507FF6EB0, WS2012 Member Server Security Compliance, 1.0)
  • Configure the "Network Security: Restrict NTLM: Audit Incoming NTLM Traffic" setting to "Not Defined". (1CE0DDE6-4036-4897-A752-B858E8F7BDBD, WS2012 Member Server Security Compliance, 1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.58_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.58.1_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.58_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.58.2_, The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.58_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.58.1_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.1.1.1.58_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.1.1.1.58.2_, The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0)
  • Title: Set 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' to 'Not Defined' Description: This policy setting allows you to audit incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit events are recorded on this computer in th… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.10_Set_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic_to_Not_Defined Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.10.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' to 'Not Defined' Description: This policy setting allows you to audit incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit events are recorded on this computer in th… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.10_Set_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic_to_Not_Defined Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.10.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' to 'Not Defined' Description: This policy setting allows you to audit incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit events are recorded on this computer in th… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.10_Set_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic_to_Not_Defined Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.10.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' to 'Not Defined' Description: This policy setting allows you to audit incoming NTLM traffic.This policy is supported on at least Windows 7 or Windows Server 2008 R2.Note: Audit events are recorded on this computer in th… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.11.10_Set_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic_to_Not_Defined Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.11.10.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.94_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.94.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.94_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.94.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.94_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.94.1_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the Operati… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.1.2.1.94_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.1.2.1.94.2_, The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the "Operat… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.6_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.6.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the "Operat… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.6_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.6.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the "Operat… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.6_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.6.1_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • Title: Configure 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' Description: This policy setting allows you to audit incoming NTLM traffic. This policy is supported on at least Windows 7 or Windows Server 2008 R2. Note: Audit events are recorded on this computer in the "Operat… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.1.3.12.6_Configure_Network_Security_Restrict_NTLM_Audit_Incoming_NTLM_Traffic Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.1.3.12.6.2_, The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0)
  • The 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' setting should be configured correctly. Technical Mechanisms: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network Security: Restrict NTLM: Audit Incoming NTLM Traffic (2) Regis… (CCE-10053-7, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)