Collection of Baselines and or Configuration Itemss for Microsoft Endpoint Manager Configuration Manager for Defeating Vulnerability Scans
Currently Included is
Baseline : Top 25 Remediations by Risk
CIs :
Configure SMB signing for Windows
Disable insecure TLS/SSL protocol support
Obtain a new certificate from your CA and
ensure the server configuration is correct
Disable SSLv2, SSLv3, and TLS 1.0. The best
solution is to only have TLS 1.2 enabled
Disable TLS/SSL support for 3DES cipher suite
Disable TLS/SSL support for static key cipher suites
Disable TLS/SSL support for RC4 ciphers
Remove the default page or stop/disable the IIS server
Disable HTTP OPTIONS method
Set the password expiration for Windows Vista/2008 and newer
Force IIS7 to Display Hostname
Disable WebDAV for IIS
Stop Using SHA-1
Disable HTTP DELETE method
Restrict Processing of Recursive Queries
Use a Stronger Diffie-Hellman Group
Generate random Diffie-Hellman parameters
Enable TLS/SSL support for strong ciphers
