Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.

An XCCDF Rule

Details
Profiles

Description

Certain encryption types are no longer considered secure. This setting configures a minimum encryption type for Kerberos, preventing the use of the DES and RC4 encryption suites.

ID: SV-253460r971535_rule
Version: WN11-SO-000190
Severity: Medium
References: CCI-000803
Updated: 24 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Local Policies >> Security Options >> "Network security: Configure encryption types allowed for Kerberos" to "Enabled" with only the following selected:

AES128_HMAC_SHA1
AES256_HMAC_SHA1
Future encryption types

Kerberos encryption types must be configured to prevent the use of DES and RC4 encryption suites.

Description

Remediation Templates

A Manual Procedure