NNT PCI DSS Microsoft Windows Server 2012 R2 Benchmark 12/17/ :37
|
|
- Josephine Chase
- 8 years ago
- Views:
Transcription
1 NNT PCI DSS Microsoft Windows Server 2012 R2 Benchmark 12/17/ :37 Compliance Score : 89.81% 370 of 412 rules passed 0 of 412 rules partially passed 42 of 412 rules failed Detailed PCI DSS v3.1 Requirements and Security Assessment Procedures: NNT PCI DSS Microsoft Windows Server 2012 R2. To obtain the latest version of this guide, please visit If you have questions, comments, or have identified ways to improve this guide, please write us at support@nntws.com 1 Build and Maintain a Secure Network and Systems: Requirement 1: Install and maintain a firewall 1.1 Requirement 1: Install and maintain a firewall configuration to protect cardholder data: Corporate Firewall and In-Scope Devices Internal Firewall Requirement 1: Firewall configuration standards: Track and Approve Config Changes A formal process for approving and testing all network connections and changes to the firewall and router configurations 1.2 Requirement 1: Install and maintain a firewall configuration to protect cardholder data: Windows Server Firewall Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Domain Set 'Windows Firewall: Domain: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Domain: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Domain: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Domain: Display a notification' to 'Yes (default)' Set 'Windows Firewall: Domain: Allow unicast response' to 'No' Set 'Windows Firewall: Domain: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Domain: Apply local connection security rules' to 'Yes (default)' Set 'Windows Firewall: Domain: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log' Set 'Windows Firewall: Domain: Logging: Size limit (KB)' to '16,384 KB or greater ' Set 'Windows Firewall: Domain: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Domain: Logging: Log successful connections' to 'Yes' Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Private Profile Set 'Windows Firewall: Private: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Private: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Private: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Private: Display a notification' to 'Yes (default)' Set 'Windows Firewall: Private: Allow unicast response' to 'No' Set 'Windows Firewall: Private: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Private: Apply local connection security rules' to 'Yes (default)' Set 'Windows Firewall: Private: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log' Page 1
2 Set 'Windows Firewall: Private: Logging: Size limit (KB)' to '16,384 KB or greater' Set 'Windows Firewall: Private: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Private: Logging: Log successful connections' to 'Yes' Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Public Profile Set 'Windows Firewall: Public: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Public: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Public: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Public: Display a notification' to 'Yes' Set 'Windows Firewall: Public: Allow unicast response' to 'No' Set 'Windows Firewall: Public: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Public: Apply local connection security rules' to 'No' Set 'Windows Firewall: Public: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\publicfw.log' Set 'Windows Firewall: Public: Logging: Size limit (KB)' to '16,384 KB or greater' Set 'Windows Firewall: Public: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Public: Logging: Log successful connections' to 'Yes' 2 Build and Maintain a Secure Network and Systems: Requirement 2: Do not use vendor-supplied defaults 2.1 Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: Develop configuration standards for all system components Requirement 2: System Hardening - Default User Accounts Set 'Accounts: Guest account status' to 'Disabled' Configure 'Accounts: Rename administrator account' Configure 'Accounts: Rename guest account' Requirement 2: System Hardening - Personalization Rules Set 'Enable screen saver' to 'Enabled' Set 'Force specific screen saver: Screen saver executable name' to 'Enabled:scrnsave.scr' Set 'Password protect the screen saver' to 'Enabled' Requirement 2: System Hardening - Attachment Manager Rules Set 'Do not preserve zone information in file attachments' to 'Disabled' 2.2 Requirement 2: System Hardening: Non-Default Services List - Verify that system configuration standards include the following procedures for all types of system components: - Changi Requirement 2: System Hardening: Check for any Non-Default Services Check for any Non-Default Services 2.3 Requirement 2: System Hardening: Mandatory Services List - Verify that system configuration standards include the following procedures for all types of system components: - Changin Page 2
3 2.3.1 Requirement 2: System Hardening: Mandatory Services List App Readiness Service Application Experience Service Application Host Helper Service Application Identity Service Application Information Service Application Layer Gateway Service Application Management Service AppX Deployment Service (AppXSVC) Service ASP.NET State Service (aspnet_state) Service Background Intelligent Transfer Service Background Tasks Infrastructure (BrokerInfrastructure) Service Base Filtering Engine Service Certificate Propagation Service CNG Key Isolation Service COM+ Event System Service COM+ System Application Service Computer Browser Service Credential Manager Service Cryptographic Services Service DCOM Server Process Launcher Service Device Association (deviceassociationservice) Service Device Install (deviceinstall) Service Device Setup (dsmsvc) Service DHCP Client Service Diagnostic Policy Service Diagnostic Service Host Service Diagnostic System Host Service Distributed Link Tracking Client Service Distributed Transaction Coordinator Service DNS Client Service The Enhanced Mitigation Experience Toolkit (EMET) Service Encrypting File System (EFS) Service Extensible Authentication Protocol Service Function Discovery Provider Host Service Function Discovery Resource Publication Service Group Policy Client Service Health Key and Certificate Management Service Human Interface Device Access Service Hyper-V Data Exchange Service (vmickvpexchange) Service Hyper-V Guest Service Interface (vmicguestinterface) Service Page 3
4 Hyper-V Guest Shutdown Service (vmicshutdown) Service Hyper-V Heartbeat Service (vmicheartbeat) Service Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service Hyper-V Time Synchronization Service (vmictimesync) Service Hyper-V Volume Shadow Copy Requestor (vmicvss) Service IKE and AuthIP IPsec Keying Modules Service Interactive Services Detection Service Internet Connection Sharing (ICS) Service Internet Explorer ETW Collector Service IP Helper Service IPsec Policy Agent Service KDC Proxy Server service (kpssvc) Service KtmRm for Distributed Transaction Coordinator Service Link-Layer Topology Discovery Mapper Service Microsoft iscsi Initiator Service Microsoft Software Shadow Copy Provider Service Microsoft Storage Spaces SMP (smphost) Service Multimedia Class Scheduler Service Net.Tcp Port Sharing Service Netlogon Service Network Access Protection Agent Service Network Connections Service Network Connectivity Assistant (ncasvc) Service Network List Service Network Location Awareness Service Network Store Interface Service Optimize Drives (defragsvc) Service Performance Counter DLL Host (perfhost) Service Performance Logs and Alerts Service Plug and Play Service Portable Device Enumerator Service Power Service Print Spooler Service Printer Extensions and Notifications Service Problem Reports and Solutions Control Panel Support Service Remote Access Auto Connection Manager Service Remote Access Connection Manager Service Remote Desktop Configuration Service Remote Desktop Services Service Remote Desktop Services UserMode Port Redirector Remote Procedure Call (RPC) Service Remote Procedure Call (RPC) Locator Service Page 4
5 Remote Registry Service Resultant Set of Policy Provider Service Routing and Remote Access Service RPC Endpoint Mapper Service Secondary Logon Service Secure Socket Tunneling Protocol Service Security Accounts Manager Service Server Service Shell Hardware Detection Service Smart Card Service Smart Card Device Enumeration Service Smart Card Removal Policy Service SNMP Trap Service Software Protection Service Special Administration Console Helper Service Spot Verifier Service SSDP Discovery Service Storage Tiers Management Service Superfetch Service System Event Notification Service System Events Broker Service Task Scheduler Service TCP/IP NetBIOS Helper Service Telephony Service Themes Service Thread Ordering Server Service UPnP Device Host Service User Access Logging Service User Profile Service Virtual Disk Service Volume Shadow Copy Service Windows Audio Service Windows Audio Endpoint Builder Service Windows Color System Service Windows Connection Manager (wcmsvc) Service Windows Driver Foundation - User-mode Driver Framework Service Windows Encryption Provider Host Service Windows Error Reporting Service Windows Event Collector Service Windows Event Log Service Windows Firewall Service Windows Font Cache (fontcache) Service Page 5
6 Windows Installer Service Windows Management Instrumentation Service Windows Modules Installer Service Windows Presentation Foundation Font Cache (fontcache ) Service Windows Process Activation Service Service Windows Remote Management (WS-Management) Service Windows Store Service (WSService) Windows Time Service Windows Update Service WinHTTP Web Proxy Auto-Discovery Service Wired AutoConfig Service WMI Performance Adapter Service Workstation Service 2.4 Requirement 2: System Hardening: Optional Services List - - Verify that system configuration standards include the following procedures for all types of system components: - Changing Requirement 2: System Hardening: Optional Services List Optional Services List: NNT Agent Service (NNTAgentService) Optional Services List: NNT Proxy Agent Service (NNTAgentProxyService) Optional Services List: NNT Change Tracker Gen 7 MongoDB Service Optional Services List: NNT Change Tracker Gen 7 Redis Service Optional Services List: ASP.NET State Service (aspnet_state) Service Optional Services List: World Wide Web Publishing Service Optional Services List: W3C Logging Service 2.5 Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: Develop configuration standards for all system components Requirement 2: System Hardening: Group Policy Rules Set 'Configure registry policy processing: Do not apply during periodic background processing' to 'False' Set 'Configure registry policy processing: Process even if the Group Policy objects have not changed' to 'True' Requirement 2: System Hardening: Internet Communication settings Rules Set 'Turn off downloading of print drivers over HTTP' to 'Enabled' Set 'Turn off Internet download for Web publishing and online ordering wizards' to 'Enabled' Set 'Turn off printing over HTTP' to 'Enabled' Set 'Turn off Search Companion content file updates' to 'Enabled' Set 'Turn off the "Publish to Web" task for files and folders' to 'Enabled' Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' Requirement 2: System Hardening: Personalization Rules Set 'Prevent enabling lock screen camera' to 'Enabled' Page 6
7 Set 'Prevent enabling lock screen slide show' to 'Enabled' Requirement 2: System Hardening: Search Rules Set 'Allow indexing of encrypted files' to 'Disabled' Requirement 2: System Hardening: Windows Installer Rules Set 'Always install with elevated privileges' to 'Disabled' Requirement 2: System Hardening - Additonal Measues: Administrative Templates (Computer) Rules Set 'Apply UAC restrictions to local accounts on network logons' to 'Enabled' Set 'WDigest Authentication' to 'Disabled' Requirement 2: System Hardening - Additonal Measues: App runtime Rules Set 'Allow Microsoft accounts to be optional' to 'Enabled' Requirement 2: System Hardening - Additonal Measues: User Account Control Rules Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled' Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent on the secure desktop' Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' Set 'User Account Control: Run all administrators in Admin Approval Mode' to 'Enabled' Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' Set 'User Account Control: Virtualize file and registry write failures to per-user locations' to 'Enabled' Requirement 2: System Hardening - Additonal Measues: AutoPlay Policies Rules Set 'Turn off Autoplay' to 'Enabled:All drives' Requirement 2: System Hardening - Additonal Measues: EMET Rules Ensure EMET is installed Set 'Default Protections for Internet Explorer' to 'Enabled' Set 'Default Protections for Popular Software' to 'Enabled' Set 'Default Protections for Recommended Software' to 'Enabled' Set 'System ASLR' to 'Enabled:Application Opt-In' Set 'System DEP' to 'Enabled:Application Opt-Out' Page 7
8 Set 'System SEHOP' to 'Enabled:Application Opt-Out' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - User Rights Assignment Set 'Access Credential Manager as a trusted caller' to 'No One' Set 'Access this computer from the network' Set 'Act as part of the operating system' to 'No One' Set 'Adjust memory quotas for a process' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' Set 'Allow log on locally' to 'Administrators' Configure 'Allow log on through Remote Desktop Services' Set 'Back up files and directories' to 'Administrators' Set 'Change the system time' to 'Administrators, LOCAL SERVICE' Set 'Change the time zone' to 'Administrators, LOCAL SERVICE' Set 'Create a pagefile' to 'Administrators' Set 'Create a token object' to 'No One' Set 'Create global objects' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' Set 'Create permanent shared objects' to 'No One' Set 'Create symbolic links' to 'Administrators' Set 'Debug programs' to 'Administrators' Set 'Enable computer and user accounts to be trusted for delegation' Set 'Force shutdown from a remote system' to 'Administrators' Set 'Impersonate a client after authentication' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' Set 'Increase scheduling priority' to 'Administrators' Set 'Load and unload device drivers' to 'Administrators' Set 'Lock pages in memory' to 'No One' Set 'Modify an object label' to 'No One' Set 'Modify firmware environment values' to 'Administrators' Set 'Perform volume maintenance tasks' to 'Administrators' Set 'Profile single process' to 'Administrators' Set 'Profile system performance' to 'Administrators, NT SERVICE\WdiServiceHost' Set 'Replace a process level token' to 'LOCAL SERVICE, NETWORK SERVICE' Set 'Restore files and directories' to 'Administrators' Set 'Shut down the system' to 'Administrators' Set 'Take ownership of files or other objects' to 'Administrators' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Security Options Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with Microsoft accounts' Set 'Accounts: Guest account status' to 'Disabled' Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Configure 'Accounts: Rename administrator account' Configure 'Accounts: Rename guest account' Page 8
9 Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Devices Rules Set 'Devices: Allowed to format and eject removable media' to 'Administrators' Set 'Devices: Prevent users from installing printer drivers' to 'Enabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Domain member Rules Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled' Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled' Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled' Set 'Domain member: Disable machine account password changes' to 'Disabled' Set 'Domain member: Maximum machine account password age' to 30 or fewer days, but not Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Interactive logon Rules Set 'Interactive logon: Do not display last user name' to 'Enabled' Set 'Interactive logon: Do not require CTRL+ALT+DEL' to 'Disabled' Configure 'Interactive logon: Message text for users attempting to log on' Configure 'Interactive logon: Message title for users attempting to log on' Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)' Set 'Interactive logon: Prompt user to change password before expiration' to 'between 5 and 14 days' Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Microsoft network client Rules Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled' Set 'Microsoft network client: Digitally sign communications (if server agrees)' to 'Enabled' Set 'Microsoft network client: Send unencrypted password to third-party SMB servers' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Microsoft network server Rules Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled' Set 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled' Set 'Microsoft network server: Server SPN target name validation level' to 'Accept if provided by client' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - MSS Rules Set 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled' Set 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' to 'Highest protection, source routing 1 is completely Pass disabled' Set 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' to 'Highest protection, source routing 1 is completely disabled' Pass Set 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' to 'Enabled' Page 9
10 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90% or less' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Recovery console Rules Set 'Recovery console: Allow automatic administrative logon' to 'Disabled' Set 'Recovery console: Allow floppy copy and access to all drives and all folders' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Shutdown Rules Set 'Shutdown: Allow system to be shut down without having to log on' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - System objects Rules Set 'System objects: Require case insensitivity for non-windows subsystems' to 'Enabled' Set 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' to 'Enabled' 3 Protect Cardholder Data: Requirement 3: Protect stored cardholder data 3.1 Requirement 3: Protect stored cardholder data: Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) Requirement 3: Protect stored cardholder data: Render stored PANs unreadable Verify that Cardholder Data Encryption and Tokenization measures are in place (Rule not automatically assessed) 4.1 Requirement 4: Use strong cryptography and security protocols (for example, TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public netw 4 Protect Cardholder Data: Requirement 4: Encrypt transmission of cardholder data across open networks Requirement 4: Encrypt transmission of cardholder data: Use strong cryptography and security protocols Configure 'System cryptography: Force strong key protection for user keys stored on the computer' Set 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' to 'Enabled' Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM' Set 'Network security: LDAP client signing requirements' to 'Negotiate signing' or higher Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' to 'Require NTLMv2 session security,require bit encryption' Pass Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' to 'Require NTLMv2 session security,require bit encryption' Pass Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled' 5 Maintain a Vulnerability Management Program: Requirement 5: Protect all systems against malware 5.1 Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs Requirement 5: Anti-Virus Protection Check Verify Virus Protection is enabled and updated Requirement 5: Protect all systems against malware: Early Launch Antimalware Rules Set 'Boot-Start Driver Initialization Policy' to 'Enabled: Good, unknown and bad but critical' Page 10
11 5.1.3 Requirement 5: Protect all systems against malware: Attachment Rules Set 'Notify antivirus programs when opening attachments' to 'Enabled' 6 Maintain a Vulnerability Management Program: Requirement 6: Develop and maintain secure systems and applications 6.1 Requirement 6: Develop and maintain secure systems and applications Requirement 6: Develop and maintain secure systems and applications - Windows Update Rules Set 'Configure Automatic Updates' to 'Enabled' Set 'Configure Automatic Updates: Scheduled install day' to '0 - Every day' Set 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' to 'Disabled' Set 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' to 'Disabled' Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled' Set 'Reschedule Automatic Updates scheduled installations' to 'Enabled:1 minute' 7.1 Requirement 7: Requirement 7: Restrict access to cardholder data by business need to know: Restriction of access to privileged user IDs to least privileges necessary to perform job res 7 Implement Strong Access Control Measures: Requirement 7: Restrict access to cardholder data by business need to know Requirement 7: Restrict access to cardholder data by business need to know - Network Access Rules Set 'Network access: Allow anonymous SID/Name translation' to 'Disabled' Set 'Network access: Do not allow anonymous enumeration of SAM accounts' to 'Enabled' Set 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled' Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled' Configure 'Network Access: Named Pipes that can be accessed anonymously' Set 'Network access: Remotely accessible registry paths' Set 'Network access: Remotely accessible registry paths and sub-paths' Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled' Set 'Network access: Shares that can be accessed anonymously' to 'None' Set 'Network access: Sharing and security model for local accounts' to 'Classic - local users authenticate as themselves' Requirement 7: Restrict access to cardholder data by business need to know - Network Security Rules Set 'Do not display network selection UI' to 'Enabled' Set 'Configure Offer Remote Assistance' to 'Disabled' Set 'Configure Solicited Remote Assistance' to 'Disabled' Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled' Set 'Network security: Allow LocalSystem NULL session fallback' to 'Disabled' Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Set 'Network Security: Configure encryption types allowed for Kerberos' to 'RC4\AES128\AES256\Future types' Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled' Set 'Deny access to this computer from the network' Set 'Deny log on as a batch job' to include 'Guests' Set 'Deny log on as a service' to include 'Guests' Page 11
12 Set 'Deny log on locally' to include 'Guests' Set 'Deny log on through Remote Desktop Services' to include 'Guests, Local account' 8.1 Requirement 8: Identify and authenticate access to system components: Restrict access to cardholder data by business need to know: 8.1 Define and implement policies and procedure 8 Implement Strong Access Control Measures: Requirement 8: Identify and authenticate access to system components Requirement 8: Identify and authenticate access to system components - Account Lockout Rules Set 'Account lockout threshold' to 6 or fewer invalid logon attempt(s), but not Set 'Account lockout duration' to '30 or more minute(s)' Set 'Reset account lockout counter after' to '30 or more minute(s)' Set 'Network security: Force logoff when logon hours expire' to 'Enabled' Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled' Set 'Interactive logon: Machine inactivity limit' to 15 minutes or fewer second(s), but not Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)' Set 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires must be set to zero seconds Requirement 8: Identify and authenticate access to system components - Password Policy Set 'Enforce password history' to '24 or more password(s)' Set 'Maximum password age' to 60 or fewer days, but not Set 'Minimum password age' to '1 or more day(s)' Set 'Minimum password length' to '14 or more character(s)' Set 'Password must meet complexity requirements' to 'Enabled' Set 'Store passwords using reversible encryption' to 'Disabled' Requirement 8: Identify and authenticate access to system components - Windows Logon Options Rules Set 'Sign-in last interactive user automatically after a system-initiated restart' to 'Disabled' Requirement 8: Identify and authenticate access to system components - Windows Remote Management (WinRM)-WinRM Client Rules Set 'Allow Basic authentication' to 'Disabled' Set 'Allow unencrypted traffic' to 'Disabled' Set 'Disallow Digest authentication' to 'Enabled' Requirement 8: Identify and authenticate access to system components - Remote Desktop Rules Set 'Do not allow passwords to be saved' to 'Enabled' Set 'Do not allow drive redirection' to 'Enabled' Set 'Always prompt for password upon connection' to 'Enabled' Set 'Set client connection encryption level: Encryption Level' to 'Enabled: High Level' 9 Maintain a Vulnerability Management Program: Requirement 9: Restrict physical access to cardholder data Page 12
13 9.1 Requirement 9: Restrict physical access to cardholder data: Physical Protection procedures and measures Requirement 9: Restrict physical access to cardholder data: Physical Protection procedures and measures Verify PCI DSS Requirement 9 requirements are being operated (Rule not automatically assessed) 10 Regularly Monitor and Test Networks: Requirement 10: Track and monitor all access to network resources and cardholder data 10.1 Requirement 10: Track access to network/cardholder data: Retain and Review System Audit Trails Requirement 10: Track access to network/cardholder data: Account Policies - Audit Rules Set 'Manage auditing and security log' to 'Administrators' Set 'Generate security audits' to 'LOCAL SERVICE, NETWORK SERVICE' Set 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' to 'Enabled' Set 'Audit: Shut down system immediately if unable to log security audits' to 'Disabled' Requirement 10: Track access to network/cardholder data: Windows Components - Event Log Rules Set 'Maximum Log Size (KB)' to 'Enabled:32768' Set 'Retain old events' to 'Disabled' Set 'Retain old events' to 'Disabled' Set 'Maximum Log Size (KB)' to 'Enabled:81920' Set 'Maximum Log Size (KB)' to 'Enabled:32768' Set 'Retain old events' to 'Disabled' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - System Rules Set 'Audit Policy: System: System Integrity' to 'Success and Failure' Set 'Audit Policy: System: Security System Extension' to 'Success and Failure' Set 'Audit Policy: System: Security State Change' to 'Success and Failure' Set 'Audit Policy: System: IPsec Driver' to 'Success and Failure' Set 'Audit Policy: System: Other System Events' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Object Access Rules Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing' Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing' Set 'Audit Policy: Object Access: File Share' to 'No Auditing' Set 'Audit Policy: Object Access: File System' to 'No Auditing' Set 'Audit Policy: Object Access: SAM' to 'No Auditing' Set 'Audit Policy: Object Access: Kernel Object' to 'No Auditing' Set 'Audit Policy: Object Access: Filtering Platform Packet Drop' to 'No Auditing' Set 'Audit Policy: Object Access: Registry' to 'No Auditing' Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing' Set 'Audit Policy: Object Access: Application Generated' to 'No Auditing' Page 13
14 Set 'Audit Policy: Object Access: Detailed File Share' to 'No Auditing' Set 'Audit Policy: Object Access: Filtering Platform Connection' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Logon-Logoff Rules Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success' Set 'Audit Policy: Logon-Logoff: IPsec Main Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success' Set 'Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - DS Access Rules Set 'Audit Policy: DS Access: Directory Service Replication' to 'No Auditing' Set 'Audit Policy: DS Access: Detailed Directory Service Replication' to 'No Auditing' Set 'Audit Policy: DS Access: Directory Service Changes' to 'No Auditing' Set 'Audit Policy: DS Access: Directory Service Access' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Detailed Tracking Rules Set 'Audit Policy: Detailed Tracking: DPAPI Activity' to 'No Auditing' Set 'Audit Policy: Detailed Tracking: Process Termination' to 'No Auditing' Set 'Audit Policy: Detailed Tracking: Process Creation' to 'Success' Set 'Audit Policy: Detailed Tracking: RPC Events' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Policy Change Rules Set 'Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Filtering Platform Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Authorization Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure' Set 'Audit Policy: Policy Change: Other Policy Change Events' to 'No Auditing' Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Account Management Rules Set 'Audit Policy: Account Management: Distribution Group Management' to 'No Auditing' Set 'Audit Policy: Account Management: Computer Account Management' to 'Success' Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure' Page 14
15 Set 'Audit Policy: Account Management: Security Group Management' to 'Success and Failure' Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure' Set 'Audit Policy: Account Management: Application Group Management' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Account Logon Rules Set 'Audit Policy: Account Logon: Kerberos Authentication Service' to 'No Auditing' Set 'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing' Set 'Audit Policy: Account Logon: Kerberos Service Ticket Operations' to 'No Auditing' Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Privilege Use Rules Set 'Audit Policy: Privilege Use: Other Privilege Use Events' to 'No Auditing' Set 'Audit Policy: Privilege Use: Non Sensitive Privilege Use' to 'No Auditing' Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure' Requirement 11: Regularly test security systems and processes: 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauth 11 Regularly Monitor and Test Networks: Requirement 11: Regularly test security systems and processes 11.1 Requirement 11: Regularly test security systems and processes Implement File Integrity Monitoring: Verify the use of a change-detection mechanism within the cardholder data environment by observing system 1 settings and monitored Pass files, as w 12 Maintain an Information Security Policy: Requirement 12: Maintain a policy that addresses information security for all personnel 12.1 Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 12: Maintain a policy that addresses information security for all personnel: Policy and Procedure Documentation Verify PCI DSS Requirement 12 requirements are being operated Page 15
Windows Server 2008/2012 Server Hardening
Account Policies Enforce password history 24 Maximum Password Age - 42 days Minimum Password Age 2 days Minimum password length - 8 characters Password Complexity - Enable Store Password using Reversible
More informationService Name Startup Type Log On As. ActiveX Installer (AxInstSV) Manual Local System. Adaptive Brightness Manual Local Service
Did you tweak the Services configuration incorrectly, resulting in a system slowdown or leading to other catastrophe? And you don t remember the original configuration to revert back? You may find the
More informationWeb. Security Options Comparison
Web 3 Security Options Comparison Windows Server 2003 provides a number of Security Options that can be applied within the scope of managing a GPO. Most are the same as those available in Windows 2000.
More informationDefense Security Service Office of the Designated Approving Authority
Defense Security Service Office of the Designated Approving Authority Baseline Technical Security Configuration of Microsoft Windows 7 and Microsoft Server 2008 R2 Version 1.0 Title Page Document Name:
More informationServices on Server 11/5/2015 00:00:00-12/4/2015 23:59:59
Services on Server 11/5/2015 00:00:00-12/4/2015 23:59:59 Computers: SQL2014 Computer: SQL2014 Microsoft Monitoring Agent Audit Forwarding Stopped Disabled NT AUTHORITY\NetworkService Sends events to a
More informationCIS Microsoft Windows 7 Benchmark. v2.1.0-12-03-2013. http://benchmarks.cisecurity.org
CIS Microsoft Windows 7 Benchmark v2.1.0-12-03-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics,
More informationSecurity Options... 1
Effective Server Security Options Period: Last 20 week(s) Generated: For: Brian Bartlett bbartlett@ecora.com By: Ecora Auditor Professional 4.5 - Windows Module 4.5.8010.20310 Using: Customized FFR Definition
More informationBelarc Advisor Security Benchmark Summary
Page 1 of 5 The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited.
More informationCIS Microsoft Windows Server 2012. v1.0.0. Benchmark
CIS Microsoft Windows Server 2012 v1.0.0 Benchmark 01-31-2013 The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics, suggestions, and
More informationNNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2
NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2: NNTDC01 On NNTDC01 - By admin for time period 5/23/2014 8:49:51 AM to 5/23/2014 8:49:51 AM NNT CIS Microsoft Windows Server
More informationSECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)
WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term
More informationAbout Microsoft Windows Server 2003
About Microsoft Windows Server 003 Windows Server 003 (WinK3) requires extensive provisioning to meet both industry best practices and regulatory compliance. By default the Windows Server operating system
More informationWindows Server 2003 default services
Windows Server 2003 default services To view a description for a particular service, hover the mouse pointer over the service in the Name column. The descriptions included here are based on Microsoft documentation.
More informationWalton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure
Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section
More informationHow To Set A Group Policy On A Computer With A Network Security Policy On Itunes.Com (For Acedo) On A Pc Or Mac Mac (For An Ubuntu) On An Ubode (For Mac) On Pc Or Ip
CIS Microsoft Windows XP Benchmark v3.1.0-12-03-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics,
More informationWindows 7 / Server 2008 R2 Configuration Overview. By: Robert Huth Dated: March 2014
Windows 7 / Server 2008 R2 Configuration Overview By: Robert Huth Dated: March 2014 Expectations This Windows 7 / Server 2008 R2 (Win7-2K8) presentation is a general overview of the technical security
More informationSecure configuration document
Secure configuration document Windows 7 Draft 0.1. DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India Document Control S. No.
More informationDefense Security Service Industrial Security Field Operations NISP Authorization Office. Technical Assessment Guide for Windows 7 Operating System
Defense Security Service Industrial Security Field Operations NISP Authorization Office Technical Assessment Guide for Windows 7 Operating System February 2016 Revision Log Date Revision Description of
More informationSymantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0 Symantec Enterprise Security Manager Baseline Policy Manual for
More informationCHARON-VAX application note
CHARON-VAX application note AN-33 Required Windows Standard Services Author: Software Resources International Date: 16-Jan-2006 Software Resources International (SRI) recommends the use of the host operating
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More information74% 96 Action Items. Compliance
Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated
More informationWindows Operating Systems. Basic Security
Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System
More informationServices Summary... 1
Services Report By Service Name Period: Last 20 week(s) Generated: For: Internal Auditor InternalAuditor@ecora.com By: Ecora Auditor Professional 4.5 - Windows Module 4.5.8063.19200 Using: FFR Definition
More informationWindows Advanced Audit Policy Configuration
Windows Advanced Audit Policy Configuration EventTracker v7.x Publication Date: May 6, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This document describes auditing
More informationWindows 7 Core Services: Application Experience. Application Information. Background Intelligent Transfer. Base Filtering Engine.
Yegor Hanov EECS710, Fall 2012 Homework Assignment 10/23/12 Assignment 2: Core Windows 7 Services I reviewed the list of active services running on my laptop during normal operation. The list [1] contains
More informationObjectives. At the end of this chapter students should be able to:
NTFS PERMISSIONS AND SECURITY SETTING.1 Introduction to NTFS Permissions.1.1 File Permissions and Folder Permission.2 Assigning NTFS Permissions and Special Permission.2.1 Planning NTFS Permissions.2.2
More informationDefault Domain Policy Data collected on: 10/12/2012 5:28:08 PM General
Default Domain Default Domain Data collected on: 10/12/2012 5:28:08 PM General Details Domain Owner Created Modified User Revisions Computer Revisions Unique ID GPO Status webrecon.local WEBRECON\Domain
More informationWindows 7, Enterprise Desktop Support Technician
Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse
More information"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary
Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test
More informationSymantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy
More informationWindows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led
Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led
More informationGFI White Paper PCI-DSS compliance and GFI Software products
White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption
More informationCIS Microsoft Windows Server 2003. Benchmark. v3.1.0-12-03-2013. http://benchmarks.cisecurity.org
CIS Microsoft Windows Server 2003 v3.1.0-12-03-2013 Benchmark http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services,
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationAgency Pre Migration Tasks
Agency Pre Migration Tasks This document is to be provided to the agency and will be reviewed during the Migration Technical Kickoff meeting between the ICS Technical Team and the agency. Network: Required
More informationMCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required)
MCSE 2003 Microsoft Certified Systems Engineer (MCSE) candidates on the Microsoft Windows Server 2003 track are required to satisfy the following requirements: Core Exams (6 Exams Required) Four networking
More informationLocking down a Hitachi ID Suite server
Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime
More informationMicrosoft Solutions for Security and Compliance. Windows Server 2003 Security Guide
Microsoft Solutions for Security and Compliance Windows Server 2003 Security Guide 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-Non Commercial License. To view
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationModule 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.
CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day
More informationCourse Description. Course Audience. Course Outline. Course Page - Page 1 of 12
Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge
More informationMicrosoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005
Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Revision 1.3: Cleaned up resources and added additional detail into each auditing table. Revision 1.4:
More informationSonicWALL PCI 1.1 Implementation Guide
Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationAchieving PCI-Compliance through Cyberoam
White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit
More informationVirtual Data Centre. User Guide
Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10
More informationThe SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.
WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard
More informationBlack Viper s Windows 10 Service Configurations» Black Viper
Black Viper s Windows 10 Configurations» Black Viper www.blackviper.com Display Name Name ActiveX Installer (AxInstSV) AxInstSV App Readiness AppReadiness Application Host Helper AppHostSvc Not Installed
More informationSecurity Configuration Benchmark For. Microsoft Windows 7. Version 1.1.0 July 30 th 2010
Security Configuration Benchmark For Microsoft Windows 7 Version 1.1.0 July 30 th 2010 Copyright 2001-2010, The Center for Internet Security http://cisecurity.org feedback@cisecurity.org Background. CIS
More informationA Guide to New Features in Propalms OneGate 4.0
A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously
More informationCatapult PCI Compliance
Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult
More informationMCSA Security + Certification Program
MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.
More informationBefore deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.
SiteAudit Knowledge Base Deployment Check List June 2012 In This Article: Platform Requirements Windows Settings Discovery Configuration Before deploying SiteAudit it is recommended to review the information
More informationהמרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב ע"ש ספיר
מודולות הלימוד של מייקרוסופט הקורס מחולק ל 4 מודולות כמפורט:.1Configuring Microsoft Windows Vista Client 70-620 Installing and upgrading Windows Vista Identify hardware requirements. Perform a clean installation.
More informationTable Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10
Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS
More informationvcloud Director User's Guide
vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationImplementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses
More informationMicrosoft Windows XP Professional: Guide to Creating a More Secure Operating System
Microsoft Windows XP Professional: Guide to Creating a More Secure Operating System Introduction This document contains specific guidelines for establishing a secure Microsoft Windows XP computing environment.
More informationMetalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015
Metalogix SharePoint Backup Publication Date: August 24, 2015 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this
More informationKepware Technologies Remote OPC DA Quick Start Guide (DCOM)
Kepware Technologies Remote OPC DA Quick Start Guide (DCOM) March, 2013 Ref. 03.10 Kepware Technologies Table of Contents 1. Overview... 1 1.1 What is DCOM?... 1 1.2 What is OPCEnum?... 1 2. Users and
More information70-685: Enterprise Desktop Support Technician
70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application
More informationConfiguring Windows Server 2008 Network Infrastructure
Configuring Windows Server 2008 Network Infrastructure Course Number: 70-642 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-642: TS: Windows Server
More informationControls for the Credit Card Environment Edit Date: May 17, 2007
Controls for the Credit Card Environment Edit Date: May 17, 2007 Status: Approved in concept by Executive Staff 5/15/07 This document contains policies, standards, and procedures for securing all credit
More informationWindows 7, Enterprise Desktop Support Technician
Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows
More informationConfiguration Information
This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,
More informationThis section provides a summary of using network location profiles to identify network connection types. Details include:
Module 7 Network Access and Security In Module 7 students will learn several strategies for controlling network access and enhancing network security. These will include: controlling network location profiles,
More informationwww.xceedium.com 2: Do not use vendor-supplied defaults for system passwords and other security parameters
2: Do not use vendor-supplied defaults for system passwords and other security parameters 2.1: Always change vendor-supplied defaults and remove or disable unnecessary default accounts before installing
More information70-642 R4: Configuring Windows Server 2008 Network Infrastructure
70-642 R4: Configuring Windows Server 2008 Network Infrastructure Course Introduction Chapter 01 - Understanding and Configuring IP Lesson: Introducing the OSI Model Understanding the Network Layers OSI
More informationCNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions
CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills
More informationWindows security for n00bs part 1 Security architecture & Access Control
Grenoble INP Ensimag _ (in)security we trust _!! SecurIMAG 2011-05-12 Windows security for n00bs part 1 Security architecture & Access Control Description: whether you are in favor or against it, the Windows
More informationRemote Administration
Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over
More informationImplementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
Question Number (ID) : 1 (wmpmsp_mngnwi-121) You are an administrator for an organization that provides Internet connectivity to users from the corporate network. Several users complain that they cannot
More informationWindows 2000 Security Architecture. Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation
Windows 2000 Security Architecture Peter Brundrett Program Manager Windows 2000 Security Microsoft Corporation Topics Single Sign-on Kerberos v5 integration Active Directory security Delegation of authentication
More informationLesson Plans Managing a Windows 2003 Network Infrastructure
Lesson Plans Managing a Windows 2003 Network Infrastructure (Exam 70-291) Table of Contents Course Overview... 2 Section 0.1: Introduction... 3 Section 1.1: Client Configuration... 4 Section 1.2: IP Addressing...
More informationSQL Server Hardening
Considerations, page 1 SQL Server 2008 R2 Security Considerations, page 4 Considerations Top SQL Hardening Considerations Top SQL Hardening considerations: 1 Do not install SQL Server on an Active Directory
More informationITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server
ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods
More informationColligo Engage Windows App 7.0. Administrator s Guide
Colligo Engage Windows App 7.0 Administrator s Guide Contents Introduction... 3 Target Audience... 3 Overview... 3 Localization... 3 SharePoint Security & Privileges... 3 System Requirements... 4 Software
More information"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary
Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with
More informationRemote Support Jumpoint Guide: Unattended Access to Computers in a Network 3. Requirements and Considerations to Install a Jumpoint 4.
Jumpoint Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.
More informationActivity 1: Scanning with Windows Defender
Activity 1: Scanning with Windows Defender 1. Click on Start > All Programs > Windows Defender 2. Click on the arrow next to Scan 3. Choose Custom Scan Page 1 4. Choose Scan selected drives and folders
More informationF-Secure Messaging Security Gateway. Deployment Guide
F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4
More informationNetworking Best Practices Guide. Version 6.5
Networking Best Practices Guide Version 6.5 Summer 2010 Copyright: 2010, CCH, a Wolters Kluwer business. All rights reserved. Material in this publication may not be reproduced or transmitted in any form
More informationCitrix Access Gateway Plug-in for Windows User Guide
Citrix Access Gateway Plug-in for Windows User Guide Access Gateway 9.2, Enterprise Edition Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance
More informationvsphere Security ESXi 6.0 vcenter Server 6.0 EN-001466-04
ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions
More informationKaseya Server Instal ation User Guide June 6, 2008
Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's
More informationPCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst. 2010. Page 1 of 7 www.ecfirst.com
Policy/Procedure Description PCI DSS Policies Install and Maintain a Firewall Configuration to Protect Cardholder Data Establish Firewall and Router Configuration Standards Build a Firewall Configuration
More informationAIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security. www.uscyberpatriot.
AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE Microsoft Windows Security www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION
More informationMCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring
MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange
More informationObjectif. Participant. Prérequis. Remarque. Programme. Windows 7, Enterprise Desktop Support Technician (seven)
Objectif This five-day instructor-ledcourse provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help
More informationILTA HANDS ON Securing Windows 7
Securing Windows 7 8/23/2011 Table of Contents About this lab... 3 About the Laboratory Environment... 4 Lab 1: Restricting Users... 5 Exercise 1. Verify the default rights of users... 5 Exercise 2. Adding
More informationDisable Redundant Windows XP Services which are Hogging Your RAM
X P Services Optimisation X 36/1 Disable Redundant Windows XP Services which are Hogging Your RAM With the information in this article you can: Configure your Windows XP Services for top performance Identify
More informationOVERVIEW OF TYPICAL WINDOWS SERVER ROLES
OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,
More informationMCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing Resources
MCSE TestPrep: Windows NT Server 4, Second Edition - CH 3 - Managing Resources Page 1 of 36 [Figures are not included in this sample chapter] MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing
More informationSecurity Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
More informationTESTBED Win2012 Server
TESTBED Win2012 Server SekChek for Windows Security Report 10 November 2013 SekChek IPS inbox@sekchek.com www.sekchek.com Declaration The provided observations and recommendations are in response to a
More informationChapter 6 Using Network Monitoring Tools
Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under
More information