Windows NT remote access service

Risk Level: Low

Check or Attack Name: RAS

Platforms: Windows NT

Description:

Remote Access services were discovered. These services provide users with dial-in and dial-out capabilities. They may bypass required security mechanisms and provide network access to attackers.

Remedy:

Remove RAS if it is not needed, or configure RAS to disallow incoming calls.

  • Stop or disable each of the Remote Access services. To stop or disable a service in Windows NT, follow these steps:
    1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
    2. Select the service from the list.
    3. Click Stop.
    4. When the service has stopped, click Startup.
    5. Choose one of these options:
      • To permanently disable the service, click Disabled.
      • To turn the service off unless manually activated by the user or a program, click Manual.
    6. Click OK, then click Close.

    —AND—

  • From the Network control panel, remove Remote Access Services from the computer. To remove a network service from Windows NT, follow these steps:
    1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
    2. Click the Services tab.
    3. Highlight the service you want to remove.
    4. Click Remove and confirm the removal.
    5. Click OK to close the Network control panel.

    —OR—

  • If RAS is required, disallow the dial-in option. This action does not remove the vulnerability, but it does make RAS somewhat safer from incoming connections. To disable dial-in for Remote Access Services (RAS), follow these steps:
    1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
    2. From the Services tab, select Remote Access Services.
    3. Click Properties.
    4. Select the communication device you want to configure.
    5. Click Configure.
    6. Set the Port Usage to Dial Out Only and click OK.
    7. Repeat steps 4 to 6 for other communication devices.
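
To confirm the service startup change across many hosts, the check can be run offline against a REGEDIT4-format registry export. The following is an added example, not part of the original advisory; the service key names (RasMan, RasAuto, RemoteAccess) are assumed NT 4.0 names not given on this page, and the export text is constructed sample data.

```python
import re

# Assumed NT 4.0 registry key names for the RAS services (not listed on the page).
RAS_SERVICES = ("RasMan", "RasAuto", "RemoteAccess")
CANON = {n.lower(): n for n in RAS_SERVICES}
START_TYPES = {0: "Boot", 1: "System", 2: "Automatic", 3: "Manual", 4: "Disabled"}

# Constructed sample of a REGEDIT4 export, for illustration only.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]
"Start"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]
"Start"=dword:00000002
'''

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\\]]+)\]$", re.I)
START_RE = re.compile(r'^"Start"=dword:([0-9a-f]{8})$', re.I)

def audit_ras_services(export_text):
    """Return {service: startup type} for RAS services found in the export."""
    found, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # Only the service's own key counts; subkeys reset the context.
            m = KEY_RE.match(line)
            current = m.group(1) if m else None
            continue
        m = START_RE.match(line)
        name = CANON.get((current or "").lower())
        if m and name:
            found[name] = START_TYPES.get(int(m.group(1), 16), "Unknown")
    return found

def still_enabled(export_text):
    """RAS services present in the export that are neither Disabled nor Manual."""
    return sorted(n for n, s in audit_ras_services(export_text).items()
                  if s not in ("Disabled", "Manual"))

if __name__ == "__main__":
    print(audit_ras_services(SAMPLE_EXPORT), still_enabled(SAMPLE_EXPORT))
```

A service that does not appear in the result has no key in the export, which is the expected state after Remote Access Services has been removed from the Network control panel.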