Non-encrypted hard drives
Description
Disk or hard drives without encryption, leave data stored on a computer or network storage system unprotected. Full disk encryption is a great way to protect sensitive customer data.
Impact
- Access to company sensitive information - Modify or delete the information stored in the disks
Recommendation
Set the encrypted property for all the hard drives instances defined as code.
Threat
Authenticated attacker with local access to the machine
Expected Remediation Time
⏱️ 60 minutes.
Requirements
266 - Disable insecure functionalitiesScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
L
Attack complexity
H
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
L
Availability (VA)
L
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
P
Vector string
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P