20.62 Ensure 'Telnet Client is not installed'

Information

This policy setting enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers.

The STIG recommended state for this setting is: Not Installed

Note: This service is not installed by default. It is supplied with Windows but is installed by enabling an optional Windows feature (_Telnet Client).

Hosting a Telnet server (especially a non-secure Telnet) from a workstation is an increased security risk, as the attack surface of that workstation is then greatly increased.

Note: This security concern applies to any Telnet application installed on a workstation, not just the one supplied with Windows.

Solution

To establish the recommended configuration, navigate to the following and Uninstall the Telnet Client feature:

To Uninstall the Telnet Client feature:

- Start

Server Manager

- Select the server with the role
- Scroll down to

ROLES AND FEATURES

in the right pane
- Select

Remove Roles and Features

from the drop-down

TASKS

list
- Select the appropriate server on the

Server Selection

page and click

Next

- Deselect

Telnet Client

on the

Features

page
- Click

Next

and

Remove

as prompted (if installed).

Impact:

Remote user Telnet access will not be available.

See Also

https://workbench.cisecurity.org/benchmarks/18857

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(4)

Plugin: Windows

Control ID: a96a3cb46a2ae1b7e96bef9cfee5d4b7a6fdbcfd94953b9d9aa56a91be2ab7ef