Hello - I am currently going through a PCI audit and they found the below vulnerability.
3.1.5. CIFS NULL Session Permitted
The policy "Network access: Named pipes that can be accessed anonymously" has netlogon, samr, lsarpc in the list. I believe this is where the vulnerability came from. I understand they are LDAP services, but do I need to allow them via anonymous access? Is there a more secure method for these services to use?
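
Added example, not part of the original post: a PowerShell check that reads the registry values behind the policy named above, plus the related anonymous-access settings, so the host's current state can be compared with the audit finding. The registry paths and value names are the standard Windows locations for these policies; `Get-RegValue` is a helper name introduced here.

```powershell
# Registry locations that back the "Network access: ..." security options.
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value is not set instead of raising an error.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# Pipes listed in the policy, as quoted in the post.
$flagged = 'netlogon', 'samr', 'lsarpc'

# NullSessionPipes / NullSessionShares are REG_MULTI_SZ; drop empty entries.
$pipes  = @(@(Get-RegValue $lanman 'NullSessionPipes')  | Where-Object { $_ })
$shares = @(@(Get-RegValue $lanman 'NullSessionShares') | Where-Object { $_ })

# -contains is case-insensitive, so 'NETLOGON' and 'netlogon' both match.
$present = @($pipes | Where-Object { $flagged -contains $_ })

$report = [pscustomobject]@{
    Computer                  = $env:COMPUTERNAME
    # "Named pipes that can be accessed anonymously"
    NullSessionPipes          = $pipes -join ', '
    FlaggedPipesPresent       = $present -join ', '
    # "Shares that can be accessed anonymously"
    NullSessionShares         = $shares -join ', '
    # "Restrict anonymous access to Named Pipes and Shares" (1 = enabled)
    RestrictNullSessAccess    = Get-RegValue $lanman 'RestrictNullSessAccess'
    # "Do not allow anonymous enumeration of SAM accounts and shares" (1 = enabled)
    RestrictAnonymous         = Get-RegValue $lsa 'RestrictAnonymous'
    # "Do not allow anonymous enumeration of SAM accounts" (1 = enabled)
    RestrictAnonymousSAM      = Get-RegValue $lsa 'RestrictAnonymousSAM'
    # "Let Everyone permissions apply to anonymous users" (0 = disabled)
    EveryoneIncludesAnonymous = Get-RegValue $lsa 'EveryoneIncludesAnonymous'
}

$report | Format-List

if ($present.Count -gt 0) {
    Write-Warning ("Anonymous named-pipe list contains: {0}" -f ($present -join ', '))
}
```

Run it on the host the scan flagged; if the settings come from Group Policy, the registry shows the applied result and the change has to be made in the GPO.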