NNT PCI DSS Microsoft Windows Server 2012 R2 Benchmark 12/17/ :37

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "NNT PCI DSS Microsoft Windows Server 2012 R2 Benchmark 12/17/2015 12:37"

Transcription

1 NNT PCI DSS Microsoft Windows Server 2012 R2 Benchmark 12/17/ :37 Compliance Score : 89.81% 370 of 412 rules passed 0 of 412 rules partially passed 42 of 412 rules failed Detailed PCI DSS v3.1 Requirements and Security Assessment Procedures: NNT PCI DSS Microsoft Windows Server 2012 R2. To obtain the latest version of this guide, please visit If you have questions, comments, or have identified ways to improve this guide, please write us at 1 Build and Maintain a Secure Network and Systems: Requirement 1: Install and maintain a firewall 1.1 Requirement 1: Install and maintain a firewall configuration to protect cardholder data: Corporate Firewall and In-Scope Devices Internal Firewall Requirement 1: Firewall configuration standards: Track and Approve Config Changes A formal process for approving and testing all network connections and changes to the firewall and router configurations 1.2 Requirement 1: Install and maintain a firewall configuration to protect cardholder data: Windows Server Firewall Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Domain Set 'Windows Firewall: Domain: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Domain: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Domain: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Domain: Display a notification' to 'Yes (default)' Set 'Windows Firewall: Domain: Allow unicast response' to 'No' Set 'Windows Firewall: Domain: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Domain: Apply local connection security rules' to 'Yes (default)' Set 'Windows Firewall: Domain: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log' Set 'Windows Firewall: Domain: Logging: Size limit (KB)' to '16,384 KB or greater ' Set 'Windows Firewall: Domain: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Domain: Logging: Log successful connections' to 'Yes' Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Private Profile Set 'Windows Firewall: Private: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Private: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Private: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Private: Display a notification' to 'Yes (default)' Set 'Windows Firewall: Private: Allow unicast response' to 'No' Set 'Windows Firewall: Private: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Private: Apply local connection security rules' to 'Yes (default)' Set 'Windows Firewall: Private: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log' Page 1

2 Set 'Windows Firewall: Private: Logging: Size limit (KB)' to '16,384 KB or greater' Set 'Windows Firewall: Private: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Private: Logging: Log successful connections' to 'Yes' Requirement 1: Firewall configuration standards: Windows Firewall With Advanced Security - Public Profile Set 'Windows Firewall: Public: Firewall state' to 'On (recommended)' Set 'Windows Firewall: Public: Inbound connections' to 'Block (default)' Set 'Windows Firewall: Public: Outbound connections' to 'Allow (default)' Set 'Windows Firewall: Public: Display a notification' to 'Yes' Set 'Windows Firewall: Public: Allow unicast response' to 'No' Set 'Windows Firewall: Public: Apply local firewall rules' to 'Yes (default)' Set 'Windows Firewall: Public: Apply local connection security rules' to 'No' Set 'Windows Firewall: Public: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\publicfw.log' Set 'Windows Firewall: Public: Logging: Size limit (KB)' to '16,384 KB or greater' Set 'Windows Firewall: Public: Logging: Log dropped packets' to 'Yes' Set 'Windows Firewall: Public: Logging: Log successful connections' to 'Yes' 2 Build and Maintain a Secure Network and Systems: Requirement 2: Do not use vendor-supplied defaults 2.1 Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: Develop configuration standards for all system components Requirement 2: System Hardening - Default User Accounts Set 'Accounts: Guest account status' to 'Disabled' Configure 'Accounts: Rename administrator account' Configure 'Accounts: Rename guest account' Requirement 2: System Hardening - Personalization Rules Set 'Enable screen saver' to 'Enabled' Set 'Force specific screen saver: Screen saver executable name' to 'Enabled:scrnsave.scr' Set 'Password protect the screen saver' to 'Enabled' Requirement 2: System Hardening - Attachment Manager Rules Set 'Do not preserve zone information in file attachments' to 'Disabled' 2.2 Requirement 2: System Hardening: Non-Default Services List - Verify that system configuration standards include the following procedures for all types of system components: - Changi Requirement 2: System Hardening: Check for any Non-Default Services Check for any Non-Default Services 2.3 Requirement 2: System Hardening: Mandatory Services List - Verify that system configuration standards include the following procedures for all types of system components: - Changin Page 2

3 2.3.1 Requirement 2: System Hardening: Mandatory Services List App Readiness Service Application Experience Service Application Host Helper Service Application Identity Service Application Information Service Application Layer Gateway Service Application Management Service AppX Deployment Service (AppXSVC) Service ASP.NET State Service (aspnet_state) Service Background Intelligent Transfer Service Background Tasks Infrastructure (BrokerInfrastructure) Service Base Filtering Engine Service Certificate Propagation Service CNG Key Isolation Service COM+ Event System Service COM+ System Application Service Computer Browser Service Credential Manager Service Cryptographic Services Service DCOM Server Process Launcher Service Device Association (deviceassociationservice) Service Device Install (deviceinstall) Service Device Setup (dsmsvc) Service DHCP Client Service Diagnostic Policy Service Diagnostic Service Host Service Diagnostic System Host Service Distributed Link Tracking Client Service Distributed Transaction Coordinator Service DNS Client Service The Enhanced Mitigation Experience Toolkit (EMET) Service Encrypting File System (EFS) Service Extensible Authentication Protocol Service Function Discovery Provider Host Service Function Discovery Resource Publication Service Group Policy Client Service Health Key and Certificate Management Service Human Interface Device Access Service Hyper-V Data Exchange Service (vmickvpexchange) Service Hyper-V Guest Service Interface (vmicguestinterface) Service Page 3

4 Hyper-V Guest Shutdown Service (vmicshutdown) Service Hyper-V Heartbeat Service (vmicheartbeat) Service Hyper-V Remote Desktop Virtualization Service (vmicrdv) Service Hyper-V Time Synchronization Service (vmictimesync) Service Hyper-V Volume Shadow Copy Requestor (vmicvss) Service IKE and AuthIP IPsec Keying Modules Service Interactive Services Detection Service Internet Connection Sharing (ICS) Service Internet Explorer ETW Collector Service IP Helper Service IPsec Policy Agent Service KDC Proxy Server service (kpssvc) Service KtmRm for Distributed Transaction Coordinator Service Link-Layer Topology Discovery Mapper Service Microsoft iscsi Initiator Service Microsoft Software Shadow Copy Provider Service Microsoft Storage Spaces SMP (smphost) Service Multimedia Class Scheduler Service Net.Tcp Port Sharing Service Netlogon Service Network Access Protection Agent Service Network Connections Service Network Connectivity Assistant (ncasvc) Service Network List Service Network Location Awareness Service Network Store Interface Service Optimize Drives (defragsvc) Service Performance Counter DLL Host (perfhost) Service Performance Logs and Alerts Service Plug and Play Service Portable Device Enumerator Service Power Service Print Spooler Service Printer Extensions and Notifications Service Problem Reports and Solutions Control Panel Support Service Remote Access Auto Connection Manager Service Remote Access Connection Manager Service Remote Desktop Configuration Service Remote Desktop Services Service Remote Desktop Services UserMode Port Redirector Remote Procedure Call (RPC) Service Remote Procedure Call (RPC) Locator Service Page 4

5 Remote Registry Service Resultant Set of Policy Provider Service Routing and Remote Access Service RPC Endpoint Mapper Service Secondary Logon Service Secure Socket Tunneling Protocol Service Security Accounts Manager Service Server Service Shell Hardware Detection Service Smart Card Service Smart Card Device Enumeration Service Smart Card Removal Policy Service SNMP Trap Service Software Protection Service Special Administration Console Helper Service Spot Verifier Service SSDP Discovery Service Storage Tiers Management Service Superfetch Service System Event Notification Service System Events Broker Service Task Scheduler Service TCP/IP NetBIOS Helper Service Telephony Service Themes Service Thread Ordering Server Service UPnP Device Host Service User Access Logging Service User Profile Service Virtual Disk Service Volume Shadow Copy Service Windows Audio Service Windows Audio Endpoint Builder Service Windows Color System Service Windows Connection Manager (wcmsvc) Service Windows Driver Foundation - User-mode Driver Framework Service Windows Encryption Provider Host Service Windows Error Reporting Service Windows Event Collector Service Windows Event Log Service Windows Firewall Service Windows Font Cache (fontcache) Service Page 5

6 Windows Installer Service Windows Management Instrumentation Service Windows Modules Installer Service Windows Presentation Foundation Font Cache (fontcache ) Service Windows Process Activation Service Service Windows Remote Management (WS-Management) Service Windows Store Service (WSService) Windows Time Service Windows Update Service WinHTTP Web Proxy Auto-Discovery Service Wired AutoConfig Service WMI Performance Adapter Service Workstation Service 2.4 Requirement 2: System Hardening: Optional Services List - - Verify that system configuration standards include the following procedures for all types of system components: - Changing Requirement 2: System Hardening: Optional Services List Optional Services List: NNT Agent Service (NNTAgentService) Optional Services List: NNT Proxy Agent Service (NNTAgentProxyService) Optional Services List: NNT Change Tracker Gen 7 MongoDB Service Optional Services List: NNT Change Tracker Gen 7 Redis Service Optional Services List: ASP.NET State Service (aspnet_state) Service Optional Services List: World Wide Web Publishing Service Optional Services List: W3C Logging Service 2.5 Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters: Develop configuration standards for all system components Requirement 2: System Hardening: Group Policy Rules Set 'Configure registry policy processing: Do not apply during periodic background processing' to 'False' Set 'Configure registry policy processing: Process even if the Group Policy objects have not changed' to 'True' Requirement 2: System Hardening: Internet Communication settings Rules Set 'Turn off downloading of print drivers over HTTP' to 'Enabled' Set 'Turn off Internet download for Web publishing and online ordering wizards' to 'Enabled' Set 'Turn off printing over HTTP' to 'Enabled' Set 'Turn off Search Companion content file updates' to 'Enabled' Set 'Turn off the "Publish to Web" task for files and folders' to 'Enabled' Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' Requirement 2: System Hardening: Personalization Rules Set 'Prevent enabling lock screen camera' to 'Enabled' Page 6

7 Set 'Prevent enabling lock screen slide show' to 'Enabled' Requirement 2: System Hardening: Search Rules Set 'Allow indexing of encrypted files' to 'Disabled' Requirement 2: System Hardening: Windows Installer Rules Set 'Always install with elevated privileges' to 'Disabled' Requirement 2: System Hardening - Additonal Measues: Administrative Templates (Computer) Rules Set 'Apply UAC restrictions to local accounts on network logons' to 'Enabled' Set 'WDigest Authentication' to 'Disabled' Requirement 2: System Hardening - Additonal Measues: App runtime Rules Set 'Allow Microsoft accounts to be optional' to 'Enabled' Requirement 2: System Hardening - Additonal Measues: User Account Control Rules Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled' Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent on the secure desktop' Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' Set 'User Account Control: Run all administrators in Admin Approval Mode' to 'Enabled' Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' Set 'User Account Control: Virtualize file and registry write failures to per-user locations' to 'Enabled' Requirement 2: System Hardening - Additonal Measues: AutoPlay Policies Rules Set 'Turn off Autoplay' to 'Enabled:All drives' Requirement 2: System Hardening - Additonal Measues: EMET Rules Ensure EMET is installed Set 'Default Protections for Internet Explorer' to 'Enabled' Set 'Default Protections for Popular Software' to 'Enabled' Set 'Default Protections for Recommended Software' to 'Enabled' Set 'System ASLR' to 'Enabled:Application Opt-In' Set 'System DEP' to 'Enabled:Application Opt-Out' Page 7

8 Set 'System SEHOP' to 'Enabled:Application Opt-Out' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - User Rights Assignment Set 'Access Credential Manager as a trusted caller' to 'No One' Set 'Access this computer from the network' Set 'Act as part of the operating system' to 'No One' Set 'Adjust memory quotas for a process' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' Set 'Allow log on locally' to 'Administrators' Configure 'Allow log on through Remote Desktop Services' Set 'Back up files and directories' to 'Administrators' Set 'Change the system time' to 'Administrators, LOCAL SERVICE' Set 'Change the time zone' to 'Administrators, LOCAL SERVICE' Set 'Create a pagefile' to 'Administrators' Set 'Create a token object' to 'No One' Set 'Create global objects' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' Set 'Create permanent shared objects' to 'No One' Set 'Create symbolic links' to 'Administrators' Set 'Debug programs' to 'Administrators' Set 'Enable computer and user accounts to be trusted for delegation' Set 'Force shutdown from a remote system' to 'Administrators' Set 'Impersonate a client after authentication' to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' Set 'Increase scheduling priority' to 'Administrators' Set 'Load and unload device drivers' to 'Administrators' Set 'Lock pages in memory' to 'No One' Set 'Modify an object label' to 'No One' Set 'Modify firmware environment values' to 'Administrators' Set 'Perform volume maintenance tasks' to 'Administrators' Set 'Profile single process' to 'Administrators' Set 'Profile system performance' to 'Administrators, NT SERVICE\WdiServiceHost' Set 'Replace a process level token' to 'LOCAL SERVICE, NETWORK SERVICE' Set 'Restore files and directories' to 'Administrators' Set 'Shut down the system' to 'Administrators' Set 'Take ownership of files or other objects' to 'Administrators' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Security Options Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with Microsoft accounts' Set 'Accounts: Guest account status' to 'Disabled' Set 'Accounts: Limit local account use of blank passwords to console logon only' to 'Enabled' Configure 'Accounts: Rename administrator account' Configure 'Accounts: Rename guest account' Page 8

9 Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Devices Rules Set 'Devices: Allowed to format and eject removable media' to 'Administrators' Set 'Devices: Prevent users from installing printer drivers' to 'Enabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Domain member Rules Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled' Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled' Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled' Set 'Domain member: Disable machine account password changes' to 'Disabled' Set 'Domain member: Maximum machine account password age' to 30 or fewer days, but not Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Interactive logon Rules Set 'Interactive logon: Do not display last user name' to 'Enabled' Set 'Interactive logon: Do not require CTRL+ALT+DEL' to 'Disabled' Configure 'Interactive logon: Message text for users attempting to log on' Configure 'Interactive logon: Message title for users attempting to log on' Set 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' to '4 or fewer logon(s)' Set 'Interactive logon: Prompt user to change password before expiration' to 'between 5 and 14 days' Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Microsoft network client Rules Set 'Microsoft network client: Digitally sign communications (always)' to 'Enabled' Set 'Microsoft network client: Digitally sign communications (if server agrees)' to 'Enabled' Set 'Microsoft network client: Send unencrypted password to third-party SMB servers' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Microsoft network server Rules Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled' Set 'Microsoft network server: Digitally sign communications (if client agrees)' to 'Enabled' Set 'Microsoft network server: Server SPN target name validation level' to 'Accept if provided by client' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - MSS Rules Set 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled' Set 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' to 'Highest protection, source routing 1 is completely Pass disabled' Set 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' to 'Highest protection, source routing 1 is completely disabled' Pass Set 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' to 'Enabled' Page 9

10 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '90% or less' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Recovery console Rules Set 'Recovery console: Allow automatic administrative logon' to 'Disabled' Set 'Recovery console: Allow floppy copy and access to all drives and all folders' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - Shutdown Rules Set 'Shutdown: Allow system to be shut down without having to log on' to 'Disabled' Requirement 2: System Hardening - Security parameters to prevent misuse: Account Policies - System objects Rules Set 'System objects: Require case insensitivity for non-windows subsystems' to 'Enabled' Set 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' to 'Enabled' 3 Protect Cardholder Data: Requirement 3: Protect stored cardholder data 3.1 Requirement 3: Protect stored cardholder data: Render PAN unreadable anywhere it is stored (including on portable digital media, backup media, and in logs) Requirement 3: Protect stored cardholder data: Render stored PANs unreadable Verify that Cardholder Data Encryption and Tokenization measures are in place (Rule not automatically assessed) 4.1 Requirement 4: Use strong cryptography and security protocols (for example, TLS, IPSEC, SSH, etc.) to safeguard sensitive cardholder data during transmission over open, public netw 4 Protect Cardholder Data: Requirement 4: Encrypt transmission of cardholder data across open networks Requirement 4: Encrypt transmission of cardholder data: Use strong cryptography and security protocols Configure 'System cryptography: Force strong key protection for user keys stored on the computer' Set 'System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing' to 'Enabled' Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM' Set 'Network security: LDAP client signing requirements' to 'Negotiate signing' or higher Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' to 'Require NTLMv2 session security,require bit encryption' Pass Set 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' to 'Require NTLMv2 session security,require bit encryption' Pass Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled' 5 Maintain a Vulnerability Management Program: Requirement 5: Protect all systems against malware 5.1 Requirement 5: Protect all systems against malware and regularly update anti-virus software or programs Requirement 5: Anti-Virus Protection Check Verify Virus Protection is enabled and updated Requirement 5: Protect all systems against malware: Early Launch Antimalware Rules Set 'Boot-Start Driver Initialization Policy' to 'Enabled: Good, unknown and bad but critical' Page 10

11 5.1.3 Requirement 5: Protect all systems against malware: Attachment Rules Set 'Notify antivirus programs when opening attachments' to 'Enabled' 6 Maintain a Vulnerability Management Program: Requirement 6: Develop and maintain secure systems and applications 6.1 Requirement 6: Develop and maintain secure systems and applications Requirement 6: Develop and maintain secure systems and applications - Windows Update Rules Set 'Configure Automatic Updates' to 'Enabled' Set 'Configure Automatic Updates: Scheduled install day' to '0 - Every day' Set 'Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box' to 'Disabled' Set 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' to 'Disabled' Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled' Set 'Reschedule Automatic Updates scheduled installations' to 'Enabled:1 minute' 7.1 Requirement 7: Requirement 7: Restrict access to cardholder data by business need to know: Restriction of access to privileged user IDs to least privileges necessary to perform job res 7 Implement Strong Access Control Measures: Requirement 7: Restrict access to cardholder data by business need to know Requirement 7: Restrict access to cardholder data by business need to know - Network Access Rules Set 'Network access: Allow anonymous SID/Name translation' to 'Disabled' Set 'Network access: Do not allow anonymous enumeration of SAM accounts' to 'Enabled' Set 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled' Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled' Configure 'Network Access: Named Pipes that can be accessed anonymously' Set 'Network access: Remotely accessible registry paths' Set 'Network access: Remotely accessible registry paths and sub-paths' Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled' Set 'Network access: Shares that can be accessed anonymously' to 'None' Set 'Network access: Sharing and security model for local accounts' to 'Classic - local users authenticate as themselves' Requirement 7: Restrict access to cardholder data by business need to know - Network Security Rules Set 'Do not display network selection UI' to 'Enabled' Set 'Configure Offer Remote Assistance' to 'Disabled' Set 'Configure Solicited Remote Assistance' to 'Disabled' Set 'Network security: Allow Local System to use computer identity for NTLM' to 'Enabled' Set 'Network security: Allow LocalSystem NULL session fallback' to 'Disabled' Set 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' to 'Disabled' Set 'Network Security: Configure encryption types allowed for Kerberos' to 'RC4\AES128\AES256\Future types' Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled' Set 'Deny access to this computer from the network' Set 'Deny log on as a batch job' to include 'Guests' Set 'Deny log on as a service' to include 'Guests' Page 11

12 Set 'Deny log on locally' to include 'Guests' Set 'Deny log on through Remote Desktop Services' to include 'Guests, Local account' 8.1 Requirement 8: Identify and authenticate access to system components: Restrict access to cardholder data by business need to know: 8.1 Define and implement policies and procedure 8 Implement Strong Access Control Measures: Requirement 8: Identify and authenticate access to system components Requirement 8: Identify and authenticate access to system components - Account Lockout Rules Set 'Account lockout threshold' to 6 or fewer invalid logon attempt(s), but not Set 'Account lockout duration' to '30 or more minute(s)' Set 'Reset account lockout counter after' to '30 or more minute(s)' Set 'Network security: Force logoff when logon hours expire' to 'Enabled' Set 'Microsoft network server: Disconnect clients when logon hours expire' to 'Enabled' Set 'Interactive logon: Machine inactivity limit' to 15 minutes or fewer second(s), but not Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)' Set 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires must be set to zero seconds Requirement 8: Identify and authenticate access to system components - Password Policy Set 'Enforce password history' to '24 or more password(s)' Set 'Maximum password age' to 60 or fewer days, but not Set 'Minimum password age' to '1 or more day(s)' Set 'Minimum password length' to '14 or more character(s)' Set 'Password must meet complexity requirements' to 'Enabled' Set 'Store passwords using reversible encryption' to 'Disabled' Requirement 8: Identify and authenticate access to system components - Windows Logon Options Rules Set 'Sign-in last interactive user automatically after a system-initiated restart' to 'Disabled' Requirement 8: Identify and authenticate access to system components - Windows Remote Management (WinRM)-WinRM Client Rules Set 'Allow Basic authentication' to 'Disabled' Set 'Allow unencrypted traffic' to 'Disabled' Set 'Disallow Digest authentication' to 'Enabled' Requirement 8: Identify and authenticate access to system components - Remote Desktop Rules Set 'Do not allow passwords to be saved' to 'Enabled' Set 'Do not allow drive redirection' to 'Enabled' Set 'Always prompt for password upon connection' to 'Enabled' Set 'Set client connection encryption level: Encryption Level' to 'Enabled: High Level' 9 Maintain a Vulnerability Management Program: Requirement 9: Restrict physical access to cardholder data Page 12

13 9.1 Requirement 9: Restrict physical access to cardholder data: Physical Protection procedures and measures Requirement 9: Restrict physical access to cardholder data: Physical Protection procedures and measures Verify PCI DSS Requirement 9 requirements are being operated (Rule not automatically assessed) 10 Regularly Monitor and Test Networks: Requirement 10: Track and monitor all access to network resources and cardholder data 10.1 Requirement 10: Track access to network/cardholder data: Retain and Review System Audit Trails Requirement 10: Track access to network/cardholder data: Account Policies - Audit Rules Set 'Manage auditing and security log' to 'Administrators' Set 'Generate security audits' to 'LOCAL SERVICE, NETWORK SERVICE' Set 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' to 'Enabled' Set 'Audit: Shut down system immediately if unable to log security audits' to 'Disabled' Requirement 10: Track access to network/cardholder data: Windows Components - Event Log Rules Set 'Maximum Log Size (KB)' to 'Enabled:32768' Set 'Retain old events' to 'Disabled' Set 'Retain old events' to 'Disabled' Set 'Maximum Log Size (KB)' to 'Enabled:81920' Set 'Maximum Log Size (KB)' to 'Enabled:32768' Set 'Retain old events' to 'Disabled' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - System Rules Set 'Audit Policy: System: System Integrity' to 'Success and Failure' Set 'Audit Policy: System: Security System Extension' to 'Success and Failure' Set 'Audit Policy: System: Security State Change' to 'Success and Failure' Set 'Audit Policy: System: IPsec Driver' to 'Success and Failure' Set 'Audit Policy: System: Other System Events' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Object Access Rules Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing' Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing' Set 'Audit Policy: Object Access: File Share' to 'No Auditing' Set 'Audit Policy: Object Access: File System' to 'No Auditing' Set 'Audit Policy: Object Access: SAM' to 'No Auditing' Set 'Audit Policy: Object Access: Kernel Object' to 'No Auditing' Set 'Audit Policy: Object Access: Filtering Platform Packet Drop' to 'No Auditing' Set 'Audit Policy: Object Access: Registry' to 'No Auditing' Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing' Set 'Audit Policy: Object Access: Application Generated' to 'No Auditing' Page 13

14 Set 'Audit Policy: Object Access: Detailed File Share' to 'No Auditing' Set 'Audit Policy: Object Access: Filtering Platform Connection' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Logon-Logoff Rules Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Special Logon' to 'Success' Set 'Audit Policy: Logon-Logoff: IPsec Main Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success' Set 'Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing' Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - DS Access Rules Set 'Audit Policy: DS Access: Directory Service Replication' to 'No Auditing' Set 'Audit Policy: DS Access: Detailed Directory Service Replication' to 'No Auditing' Set 'Audit Policy: DS Access: Directory Service Changes' to 'No Auditing' Set 'Audit Policy: DS Access: Directory Service Access' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Detailed Tracking Rules Set 'Audit Policy: Detailed Tracking: DPAPI Activity' to 'No Auditing' Set 'Audit Policy: Detailed Tracking: Process Termination' to 'No Auditing' Set 'Audit Policy: Detailed Tracking: Process Creation' to 'Success' Set 'Audit Policy: Detailed Tracking: RPC Events' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Policy Change Rules Set 'Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Filtering Platform Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Authorization Policy Change' to 'No Auditing' Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure' Set 'Audit Policy: Policy Change: Other Policy Change Events' to 'No Auditing' Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Account Management Rules Set 'Audit Policy: Account Management: Distribution Group Management' to 'No Auditing' Set 'Audit Policy: Account Management: Computer Account Management' to 'Success' Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure' Page 14

15 Set 'Audit Policy: Account Management: Security Group Management' to 'Success and Failure' Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure' Set 'Audit Policy: Account Management: Application Group Management' to 'No Auditing' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Account Logon Rules Set 'Audit Policy: Account Logon: Kerberos Authentication Service' to 'No Auditing' Set 'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing' Set 'Audit Policy: Account Logon: Kerberos Service Ticket Operations' to 'No Auditing' Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure' Requirement 10: Track access to network/cardholder data: Advanced Audit Policy Configuration - Privilege Use Rules Set 'Audit Policy: Privilege Use: Other Privilege Use Events' to 'No Auditing' Set 'Audit Policy: Privilege Use: Non Sensitive Privilege Use' to 'No Auditing' Set 'Audit Policy: Privilege Use: Sensitive Privilege Use' to 'Success and Failure' Requirement 11: Regularly test security systems and processes: 11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauth 11 Regularly Monitor and Test Networks: Requirement 11: Regularly test security systems and processes 11.1 Requirement 11: Regularly test security systems and processes Implement File Integrity Monitoring: Verify the use of a change-detection mechanism within the cardholder data environment by observing system 1 settings and monitored Pass files, as w 12 Maintain an Information Security Policy: Requirement 12: Maintain a policy that addresses information security for all personnel 12.1 Requirement 12: Maintain a policy that addresses information security for all personnel Requirement 12: Maintain a policy that addresses information security for all personnel: Policy and Procedure Documentation Verify PCI DSS Requirement 12 requirements are being operated Page 15

Windows Server 2008/2012 Server Hardening

Windows Server 2008/2012 Server Hardening Account Policies Enforce password history 24 Maximum Password Age - 42 days Minimum Password Age 2 days Minimum password length - 8 characters Password Complexity - Enable Store Password using Reversible

More information

Service Name Startup Type Log On As. ActiveX Installer (AxInstSV) Manual Local System. Adaptive Brightness Manual Local Service

Service Name Startup Type Log On As. ActiveX Installer (AxInstSV) Manual Local System. Adaptive Brightness Manual Local Service Did you tweak the Services configuration incorrectly, resulting in a system slowdown or leading to other catastrophe? And you don t remember the original configuration to revert back? You may find the

More information

Web. Security Options Comparison

Web. Security Options Comparison Web 3 Security Options Comparison Windows Server 2003 provides a number of Security Options that can be applied within the scope of managing a GPO. Most are the same as those available in Windows 2000.

More information

Defense Security Service Office of the Designated Approving Authority

Defense Security Service Office of the Designated Approving Authority Defense Security Service Office of the Designated Approving Authority Baseline Technical Security Configuration of Microsoft Windows 7 and Microsoft Server 2008 R2 Version 1.0 Title Page Document Name:

More information

Services on Server 11/5/2015 00:00:00-12/4/2015 23:59:59

Services on Server 11/5/2015 00:00:00-12/4/2015 23:59:59 Services on Server 11/5/2015 00:00:00-12/4/2015 23:59:59 Computers: SQL2014 Computer: SQL2014 Microsoft Monitoring Agent Audit Forwarding Stopped Disabled NT AUTHORITY\NetworkService Sends events to a

More information

Security Options... 1

Security Options... 1 Effective Server Security Options Period: Last 20 week(s) Generated: For: Brian Bartlett bbartlett@ecora.com By: Ecora Auditor Professional 4.5 - Windows Module 4.5.8010.20310 Using: Customized FFR Definition

More information

CIS Microsoft Windows 7 Benchmark. v2.1.0-12-03-2013. http://benchmarks.cisecurity.org

CIS Microsoft Windows 7 Benchmark. v2.1.0-12-03-2013. http://benchmarks.cisecurity.org CIS Microsoft Windows 7 Benchmark v2.1.0-12-03-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics,

More information

Belarc Advisor Security Benchmark Summary

Belarc Advisor Security Benchmark Summary Page 1 of 5 The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited.

More information

CIS Microsoft Windows Server 2012. v1.0.0. Benchmark

CIS Microsoft Windows Server 2012. v1.0.0. Benchmark CIS Microsoft Windows Server 2012 v1.0.0 Benchmark 01-31-2013 The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics, suggestions, and

More information

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure

Walton Centre. Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 1 Walton Centre Access and Authentication (network) Document History Date Version Author Changes 01/10/04 1.0 A Cobain L Wyatt 31/03/05 1.1 L Wyatt Update to procedure Page 2 Table of Contents Section

More information

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) WHITE PAPER SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X) INTRODUCTION This document covers the recommended best practices for hardening a Cisco Personal Assistant 1.4(x) server. The term

More information

NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2

NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2 NNT CIS Microsoft Windows Server 2008 R2 Benchmark Level 1 Member Server v2-1-0-2: NNTDC01 On NNTDC01 - By admin for time period 5/23/2014 8:49:51 AM to 5/23/2014 8:49:51 AM NNT CIS Microsoft Windows Server

More information

About Microsoft Windows Server 2003

About Microsoft Windows Server 2003 About Microsoft Windows Server 003 Windows Server 003 (WinK3) requires extensive provisioning to meet both industry best practices and regulatory compliance. By default the Windows Server operating system

More information

Windows Server 2003 default services

Windows Server 2003 default services Windows Server 2003 default services To view a description for a particular service, hover the mouse pointer over the service in the Name column. The descriptions included here are based on Microsoft documentation.

More information

CHARON-VAX application note

CHARON-VAX application note CHARON-VAX application note AN-33 Required Windows Standard Services Author: Software Resources International Date: 16-Jan-2006 Software Resources International (SRI) recommends the use of the host operating

More information

CIS Microsoft Windows XP Benchmark. v3.1.0-12-03-2013. http://benchmarks.cisecurity.org

CIS Microsoft Windows XP Benchmark. v3.1.0-12-03-2013. http://benchmarks.cisecurity.org CIS Microsoft Windows XP Benchmark v3.1.0-12-03-2013 http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services, tools, metrics,

More information

Defense Security Service Industrial Security Field Operations NISP Authorization Office. Technical Assessment Guide for Windows 7 Operating System

Defense Security Service Industrial Security Field Operations NISP Authorization Office. Technical Assessment Guide for Windows 7 Operating System Defense Security Service Industrial Security Field Operations NISP Authorization Office Technical Assessment Guide for Windows 7 Operating System February 2016 Revision Log Date Revision Description of

More information

Windows 7 / Server 2008 R2 Configuration Overview. By: Robert Huth Dated: March 2014

Windows 7 / Server 2008 R2 Configuration Overview. By: Robert Huth Dated: March 2014 Windows 7 / Server 2008 R2 Configuration Overview By: Robert Huth Dated: March 2014 Expectations This Windows 7 / Server 2008 R2 (Win7-2K8) presentation is a general overview of the technical security

More information

Secure configuration document

Secure configuration document Secure configuration document Windows 7 Draft 0.1. DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India Document Control S. No.

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0 Symantec Enterprise Security Manager Baseline Policy Manual for

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

74% 96 Action Items. Compliance

74% 96 Action Items. Compliance Compliance Report PCI DSS 2.0 Generated by Check Point Compliance Blade, on July 02, 2013 11:12 AM 1 74% Compliance 96 Action Items Upcoming 0 items About PCI DSS 2.0 PCI-DSS is a legal obligation mandated

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

Services Summary... 1

Services Summary... 1 Services Report By Service Name Period: Last 20 week(s) Generated: For: Internal Auditor InternalAuditor@ecora.com By: Ecora Auditor Professional 4.5 - Windows Module 4.5.8063.19200 Using: FFR Definition

More information

Compliance Score : 99.12% Summary

Compliance Score : 99.12% Summary Compliance Score : 99.12% Summary This document provides prescriptive guidance for establishing a secure configuration posture for CIS Microsoft Windows Server 2012 R2 (Member Server). To obtain the latest

More information

Windows 7 Core Services: Application Experience. Application Information. Background Intelligent Transfer. Base Filtering Engine.

Windows 7 Core Services: Application Experience. Application Information. Background Intelligent Transfer. Base Filtering Engine. Yegor Hanov EECS710, Fall 2012 Homework Assignment 10/23/12 Assignment 2: Core Windows 7 Services I reviewed the list of active services running on my laptop during normal operation. The list [1] contains

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

Objectives. At the end of this chapter students should be able to:

Objectives. At the end of this chapter students should be able to: NTFS PERMISSIONS AND SECURITY SETTING.1 Introduction to NTFS Permissions.1.1 File Permissions and Folder Permission.2 Assigning NTFS Permissions and Special Permission.2.1 Planning NTFS Permissions.2.2

More information

Windows Server Hardening Guideline

Windows Server Hardening Guideline Security Hardening General Information System / Project Name Host Name Model/Type Operating System IP Address(es) Subnet Mask(s) Default Gateway(s) DNS Server(s) Service Pack Release Domain / Workgroup

More information

Windows Advanced Audit Policy Configuration

Windows Advanced Audit Policy Configuration Windows Advanced Audit Policy Configuration EventTracker v7.x Publication Date: May 6, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract This document describes auditing

More information

Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General

Default Domain Policy Data collected on: 10/12/2012 5:28:08 PM General Default Domain Default Domain Data collected on: 10/12/2012 5:28:08 PM General Details Domain Owner Created Modified User Revisions Computer Revisions Unique ID GPO Status webrecon.local WEBRECON\Domain

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 (Domain Member Servers and Domain Controllers) Symantec Enterprise Security Manager Baseline Policy

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed. CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day

More information

Agency Pre Migration Tasks

Agency Pre Migration Tasks Agency Pre Migration Tasks This document is to be provided to the agency and will be reviewed during the Migration Technical Kickoff meeting between the ICS Technical Team and the agency. Network: Required

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

GlobalSCAPE DMZ Gateway, v1. User Guide

GlobalSCAPE DMZ Gateway, v1. User Guide GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical

More information

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required)

MCSE 2003. Core exams (Networking) One Client OS Exam. Core Exams (6 Exams Required) MCSE 2003 Microsoft Certified Systems Engineer (MCSE) candidates on the Microsoft Windows Server 2003 track are required to satisfy the following requirements: Core Exams (6 Exams Required) Four networking

More information

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 24 Windows and Windows Vista Security First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Windows and Windows Vista Security

More information

Catapult PCI Compliance

Catapult PCI Compliance Catapult PCI Compliance Table of Contents Catapult PCI Compliance...1 Table of Contents...1 Overview Catapult (PCI)...2 Support and Contact Information...2 Dealer Support...2 End User Support...2 Catapult

More information

Locking down a Hitachi ID Suite server

Locking down a Hitachi ID Suite server Locking down a Hitachi ID Suite server 2016 Hitachi ID Systems, Inc. All rights reserved. Organizations deploying Hitachi ID Identity and Access Management Suite need to understand how to secure its runtime

More information

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב ע"ש ספיר

המרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב עש ספיר מודולות הלימוד של מייקרוסופט הקורס מחולק ל 4 מודולות כמפורט:.1Configuring Microsoft Windows Vista Client 70-620 Installing and upgrading Windows Vista Identify hardware requirements. Perform a clean installation.

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Microsoft Solutions for Security and Compliance. Windows Server 2003 Security Guide

Microsoft Solutions for Security and Compliance. Windows Server 2003 Security Guide Microsoft Solutions for Security and Compliance Windows Server 2003 Security Guide 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-Non Commercial License. To view

More information

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client. WatchGuard SSL v3.2 Release Notes Supported Devices SSL 100 and 560 WatchGuard SSL OS Build 355419 Revision Date January 28, 2013 Introduction WatchGuard is pleased to announce the release of WatchGuard

More information

CIS Microsoft Windows Server 2003. Benchmark. v3.1.0-12-03-2013. http://benchmarks.cisecurity.org

CIS Microsoft Windows Server 2003. Benchmark. v3.1.0-12-03-2013. http://benchmarks.cisecurity.org CIS Microsoft Windows Server 2003 v3.1.0-12-03-2013 Benchmark http://benchmarks.cisecurity.org The CIS Security Benchmarks division provides consensus-oriented information security products, services,

More information

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit.

Before deploying SiteAudit it is recommended to review the information below. This will ensure efficient installation and operation of SiteAudit. SiteAudit Knowledge Base Deployment Check List June 2012 In This Article: Platform Requirements Windows Settings Discovery Configuration Before deploying SiteAudit it is recommended to review the information

More information

MCSA Security + Certification Program

MCSA Security + Certification Program MCSA Security + Certification Program 12 credit hours 270 hours to complete certifications Tuition: $4500 Information technology positions are high-demand occupations that support virtually all industries.

More information

Lesson Plans Microsoft s Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Lesson Plans Microsoft s Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Lesson Plans Microsoft s Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam 70-293) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction...

More information

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015 Metalogix SharePoint Backup Publication Date: August 24, 2015 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this

More information

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Question Number (ID) : 1 (jaamsp_mngnwi-025) Lisa would like to configure five of her 15 Web servers, which are running Microsoft Windows Server 2003, Web Edition, to always receive specific IP addresses

More information

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions The objective of Implementing Citrix NetScaler 10.5 for App and Desktop Solutions is to provide the foundational concepts and skills

More information

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM)

Kepware Technologies Remote OPC DA Quick Start Guide (DCOM) Kepware Technologies Remote OPC DA Quick Start Guide (DCOM) March, 2013 Ref. 03.10 Kepware Technologies Table of Contents 1. Overview... 1 1.1 What is DCOM?... 1 1.2 What is OPCEnum?... 1 2. Users and

More information

Kaseya Server Instal ation User Guide June 6, 2008

Kaseya Server Instal ation User Guide June 6, 2008 Kaseya Server Installation User Guide June 6, 2008 About Kaseya Kaseya is a global provider of IT automation software for IT Solution Providers and Public and Private Sector IT organizations. Kaseya's

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

Achieving PCI-Compliance through Cyberoam

Achieving PCI-Compliance through Cyberoam White paper Achieving PCI-Compliance through Cyberoam The Payment Card Industry (PCI) Data Security Standard (DSS) aims to assure cardholders that their card details are safe and secure when their debit

More information

SonicWALL PCI 1.1 Implementation Guide

SonicWALL PCI 1.1 Implementation Guide Compliance SonicWALL PCI 1.1 Implementation Guide A PCI Implementation Guide for SonicWALL SonicOS Standard In conjunction with ControlCase, LLC (PCI Council Approved Auditor) SonicWall SonicOS Standard

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005 Revision 1.3: Cleaned up resources and added additional detail into each auditing table. Revision 1.4:

More information

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary Course Summary Description The objective of this course is to provide the foundational concepts and teach the skills necessary to implement, configure, secure and monitor a Citrix NetScaler system with

More information

70-685: Enterprise Desktop Support Technician

70-685: Enterprise Desktop Support Technician 70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application

More information

vcloud Director User's Guide

vcloud Director User's Guide vcloud Director 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of

More information

Disable Redundant Windows XP Services which are Hogging Your RAM

Disable Redundant Windows XP Services which are Hogging Your RAM X P Services Optimisation X 36/1 Disable Redundant Windows XP Services which are Hogging Your RAM With the information in this article you can: Configure your Windows XP Services for top performance Identify

More information

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring

MCSA Objectives. Exam 70-236: TS:Exchange Server 2007, Configuring MCSA Objectives Exam 70-236: TS:Exchange Server 2007, Configuring Installing and Configuring Microsoft Exchange Servers Prepare the infrastructure for Exchange installation. Prepare the servers for Exchange

More information

Objectif. Participant. Prérequis. Remarque. Programme. Windows 7, Enterprise Desktop Support Technician (seven)

Objectif. Participant. Prérequis. Remarque. Programme. Windows 7, Enterprise Desktop Support Technician (seven) Objectif This five-day instructor-ledcourse provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows

More information

Lesson Plans Managing a Windows 2003 Network Infrastructure

Lesson Plans Managing a Windows 2003 Network Infrastructure Lesson Plans Managing a Windows 2003 Network Infrastructure (Exam 70-291) Table of Contents Course Overview... 2 Section 0.1: Introduction... 3 Section 1.1: Client Configuration... 4 Section 1.2: IP Addressing...

More information

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security. www.uscyberpatriot.

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE. Microsoft Windows Security. www.uscyberpatriot. AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT FIVE Microsoft Windows Security www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION

More information

6445A - Implementing and Administering Windows Small Business Server 2008

6445A - Implementing and Administering Windows Small Business Server 2008 6445A - Implementing and Administering Windows Small Business Server 2008 Course Number: 6445A Course Length: 5 Days Course Overview This 5 day course provides students with the necessary knowledge to

More information

Remote Administration

Remote Administration Windows Remote Desktop, page 1 pcanywhere, page 3 VNC, page 7 Windows Remote Desktop Remote Desktop permits users to remotely execute applications on Windows Server 2008 R2 from a range of devices over

More information

SQL Server Hardening

SQL Server Hardening Considerations, page 1 SQL Server 2008 R2 Security Considerations, page 4 Considerations Top SQL Hardening Considerations Top SQL Hardening considerations: 1 Do not install SQL Server on an Active Directory

More information

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment (Exam 70-290) Table of Contents Table of Contents... 1 Course Overview... 2 Section 0-1: Introduction... 4

More information

Security Configuration Benchmark For. Microsoft Windows 7. Version 1.1.0 July 30 th 2010

Security Configuration Benchmark For. Microsoft Windows 7. Version 1.1.0 July 30 th 2010 Security Configuration Benchmark For Microsoft Windows 7 Version 1.1.0 July 30 th 2010 Copyright 2001-2010, The Center for Internet Security http://cisecurity.org feedback@cisecurity.org Background. CIS

More information

Citrix Access Gateway Plug-in for Windows User Guide

Citrix Access Gateway Plug-in for Windows User Guide Citrix Access Gateway Plug-in for Windows User Guide Access Gateway 9.2, Enterprise Edition Copyright and Trademark Notice Use of the product documented in this guide is subject to your prior acceptance

More information

Activity 1: Scanning with Windows Defender

Activity 1: Scanning with Windows Defender Activity 1: Scanning with Windows Defender 1. Click on Start > All Programs > Windows Defender 2. Click on the arrow next to Scan 3. Choose Custom Scan Page 1 4. Choose Scan selected drives and folders

More information

Advanced Diploma In Hardware, Networking & Server Configuration

Advanced Diploma In Hardware, Networking & Server Configuration Advanced Diploma In Hardware, Networking & Server Configuration Who should do this course? This course is meant for those persons who have a dream of getting job based on Computer Hardware, Networking

More information

TestNav 8 User Guide for PARCC

TestNav 8 User Guide for PARCC TestNav 8 User Guide for PARCC Copyright 2014, Pearson Education, Inc. Published March 6, 2014 TestNav 8 User Guide for PARCC 1 TestNav 8 User Guide for PARCC Revision History What is TestNav? Technical

More information

Configuring Windows Server 2008 Network Infrastructure

Configuring Windows Server 2008 Network Infrastructure Configuring Windows Server 2008 Network Infrastructure Course Number: 70-642 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-642: TS: Windows Server

More information

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server

ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server ITKwebcollege.ADMIN-Basics Fundamentals of Microsoft Windows Server Inhalte Teil 01 Network Architecture Standards Network Components and Terminology Network Architecture Network Media Access Control Methods

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS

Contents. Supported Platforms. Event Viewer. User Identification Using the Domain Controller Security Log. SonicOS SonicOS User Identification Using the Domain Controller Security Log Contents Supported Platforms... 1 Event Viewer... 1 Configuring Group Policy to Enable Logon Audit... 2 Events in Security Log... 4

More information

Audit Policy Subcategories

Audit Policy Subcategories 668 CHAPTER 20 Windows Server 2008 R2 Management and Maintenance Practices These recommended settings are sufficient for the majority of organizations. However, they can generate a heavy volume of events

More information

MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing Resources

MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing Resources MCSE TestPrep: Windows NT Server 4, Second Edition - CH 3 - Managing Resources Page 1 of 36 [Figures are not included in this sample chapter] MCSE TestPrep: Windows NT Server 4, Second Edition - 3 - Managing

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Configuration Information

Configuration Information This chapter describes some basic Email Security Gateway configuration settings, some of which can be set in the first-time Configuration Wizard. Other topics covered include Email Security interface navigation,

More information

Microsoft Windows XP Professional: Guide to Creating a More Secure Operating System

Microsoft Windows XP Professional: Guide to Creating a More Secure Operating System Microsoft Windows XP Professional: Guide to Creating a More Secure Operating System Introduction This document contains specific guidelines for establishing a secure Microsoft Windows XP computing environment.

More information

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But

More information

Black Viper s Windows 10 Service Configurations» Black Viper

Black Viper s Windows 10 Service Configurations» Black Viper Black Viper s Windows 10 Configurations» Black Viper www.blackviper.com Display Name Name ActiveX Installer (AxInstSV) AxInstSV App Readiness AppReadiness Application Host Helper AppHostSvc Not Installed

More information

NETASQ SSO Agent Installation and deployment

NETASQ SSO Agent Installation and deployment NETASQ SSO Agent Installation and deployment Document version: 1.3 Reference: naentno_sso_agent Page 1 / 20 Copyright NETASQ 2013 General information 3 Principle 3 Requirements 3 Active Directory user

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Remote Support Jumpoint Guide: Unattended Access to Computers in a Network 3. Requirements and Considerations to Install a Jumpoint 4.

Remote Support Jumpoint Guide: Unattended Access to Computers in a Network 3. Requirements and Considerations to Install a Jumpoint 4. Jumpoint Guide 2015 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of their respective owners.

More information

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES

OVERVIEW OF TYPICAL WINDOWS SERVER ROLES OVERVIEW OF TYPICAL WINDOWS SERVER ROLES Before you start Objectives: learn about common server roles which can be used in Windows environment. Prerequisites: no prerequisites. Key terms: network, server,

More information

Chapter 8 Router and Network Management

Chapter 8 Router and Network Management Chapter 8 Router and Network Management This chapter describes how to use the network management features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. These features can be found by

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under

More information