Hi,
As the topic implies i am running Retina Network Security Scanner as i have been tasked with STIGing some servers. I have already applied the STIG complaint GPO to these machines and have made all the changes that were possible.
What i have in my environment is a group of Server 2012 machines running SQL, Sharepoint and IIS. All in a server 2008 r1 domain (meaning the AD servers for the domain are Server 2008 r1 servers)
These servers are used for a type of web-service or website that users can log and and search for a certain type of data. This isn't needed to be focused on too much but i just wanted to give you all that can help some background and understanding of what i am working with. I would appreciate any help on how to stop these from showing up when i do another scan.
The following are the top vulnerabilities i have and cannot find out how to fix or solve them.
TOP VULNERABILITIES
HTTP 1.1 Protocol detected
Microsoft Windows Password Complexity
Microsoft Windows User Password Not Required
Network Traffic Can Circumvent Web Proxy
Web Proxy Allows Executables
Thanks in advance for your help with this.