20.61 Ensure 'Telnet Client is not installed'

Information

This policy setting enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers.

The STIG recommended state for this setting is: Not Installed

Note: This service is not installed by default. It is supplied with Windows, but is installed by enabling an optional Windows feature (Telnet Client).

Hosting a Telnet server (especially a non-secure Telnet) from a workstation is an increased security risk, as the attack surface of that workstation is then greatly increased.

Note: This security concern applies to any Telnet application installed on a workstation, not just the one supplied with Windows.

Solution

To establish the recommended configuration, uninstall the Telnet Client feature as follows:

- Start Server Manager
- Select the server with the role
- Scroll down to ROLES AND FEATURES in the right pane
- Select Remove Roles and Features from the drop-down TASKS list
- Select the appropriate server on the Server Selection page and click Next
- Deselect Telnet Client on the Features page
- Click Next and Remove as prompted (if installed).
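The same check and removal can be scripted. The following is an added example, not part of the benchmark text: it assumes a Windows Server host with the ServerManager PowerShell module, where the feature is named Telnet-Client, and the -Remediate switch is a name chosen here for illustration.

```powershell
# Added example: audit (and optionally remove) the Telnet Client feature.
# Assumes Windows Server with the ServerManager module available.
# Auditing works in a normal session; removal needs an elevated session.
param(
    [switch]$Remediate   # illustrative switch: remove the feature if it is found
)

Import-Module ServerManager -ErrorAction Stop

$featureName = 'Telnet-Client'
$feature = Get-WindowsFeature -Name $featureName

if (-not $feature) {
    # The feature is not offered on this SKU, so there is nothing to audit here.
    throw "Feature '$featureName' is not known to Server Manager on this host."
}

if (-not $feature.Installed) {
    Write-Output "PASS: $($feature.DisplayName) is not installed (state: $($feature.InstallState))."
    exit 0
}

Write-Output "FAIL: $($feature.DisplayName) is installed."
if (-not $Remediate) {
    exit 1
}

# Scripted equivalent of Remove Roles and Features > Features > deselect Telnet Client.
$result = Uninstall-WindowsFeature -Name $featureName -ErrorAction Stop
if (-not $result.Success) {
    throw "Removal of '$featureName' failed with exit code $($result.ExitCode)."
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning "A restart may be required to complete the removal."
}

# Re-read the state rather than trusting the removal result alone.
if ((Get-WindowsFeature -Name $featureName).Installed) {
    Write-Output "FAIL: $featureName is still reported as installed."
    exit 1
}
Write-Output "PASS: $featureName has been removed."
exit 0
```

The exit code (0 for compliant, 1 for non-compliant) lets a scheduled job or configuration-management run act on the result.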

Impact:

Remote user Telnet access will not be available.

See Also

https://workbench.cisecurity.org/benchmarks/15301

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(4)

Plugin: Windows

Control ID: e5ace45b91e12308385025f60792768d9f8e253e59679820be957552226d0736