System Security Policy Management: Advanced Audit Tasks





System Security Policy Management: Advanced Audit Tasks
White Paper, October 6, 2005
Copyright 2005 Altiris Inc. All rights reserved.

ABOUT ALTIRIS

Altiris, Inc. is a pioneer of IT lifecycle management software that allows IT organizations to easily manage desktops, notebooks, thin clients, handhelds, industry-standard servers, and heterogeneous software including Windows, Linux, and UNIX. Altiris automates and simplifies IT projects throughout the life of an asset to reduce the cost and complexity of management. Altiris client and mobile, service and asset, server and infrastructure, and security and compliance management solutions natively integrate via a common Web-based console and repository. For more information, visit www.altiris.com.

NOTICE

The content in this document represents the current view of Altiris as of the date of publication. Because Altiris responds continually to changing market conditions, this document should not be interpreted as a commitment on the part of Altiris. Altiris cannot guarantee the accuracy of any information presented after the date of publication.

Copyright 2005, Altiris, Inc. All rights reserved.
Altiris, Inc., 588 West 400 South, Lindon, UT 84042. Phone: (801) 226-8500. Fax: (801) 226-8506.

BootWorks U.S. Patent No. 5,764,593. RapiDeploy U.S. Patent No. 6,144,992. Altiris, BootWorks, Inventory Solution, PC Transplant, RapiDeploy, and RapidInstall are registered trademarks of Altiris, Inc. in the United States. Carbon Copy is a registered trademark licensed to Altiris, Inc. in the United States and a registered trademark of Altiris, Inc. in other countries. Microsoft, Windows, and the Windows logo are trademarks, or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other brands and names are the property of their respective owners. Information in this document is subject to change without notice. For the latest documentation, visit www.altiris.com.

CONTENTS

Introduction ... 1
Advanced Audit Tasks ... 2
    Industry Best-practices System Security Policy ... 2
    Patch Management ... 2
    Identification of Unauthorized Hardware and Software ... 2
Additional Audit Checks / Actions Needed for Comprehensive System Security ... 3
    Users ... 3
    Administrator Accounts ... 4
    System ... 5
    Files ... 6
    Identify Software or Services ... 7
    Identify Hardware ... 8


INTRODUCTION

This white paper details the components necessary to achieve comprehensive system security. Specifically, it illustrates many types of audit checks and actions that are critical to maintaining good system security but go beyond implementing an industry best-practices system security policy, a patch management solution, and an unauthorized hardware/software identification protocol.

ADVANCED AUDIT TASKS

Industry Best-practices System Security Policy

System security policies typically consist of a base security policy such as the SANS, NIST, NSA, Microsoft, or other industry-standard best-practices system security policies. These industry best-practices policies address users and groups, registry settings, privileges, passwords, rights, and other system security settings. Most companies edit the base industry best-practices policy to meet their own corporate standards by changing, deleting, or adding certain system-setting audit and compliance rules. Some companies create their own system security policies, but even those usually draw from industry best-practice security policies.

Patch Management

In addition to the base system security policy, software patches need to be checked for the most recent revisions and critical updates. Given the high frequency of new patch releases and the time-consuming process required to manually research each patch, it is almost impossible for companies to ensure ongoing system security compliance without the aid of an automated tool.

Identification of Unauthorized Hardware and Software

All organizations have a long list of unauthorized hardware and software whose identification is critical to maintaining compliance with their corporate system security policy. Identifying and removing unauthorized hardware and software is critical to managing security risk because both can function as security vulnerabilities if exploited by a malicious user.

ADDITIONAL AUDIT CHECKS / ACTIONS NEEDED FOR COMPREHENSIVE SYSTEM SECURITY

USERS

| Audit check / action | Why it matters |
|---|---|
| Show all users with default, blank, weak or expired passwords. | Run against L0phtcrack to check for weak passwords. If weak passwords are found and not corrected, this presents a security risk. |
| Check for login activity. | Ensure users whose status has changed are not logging in. Ensure all active employees are logging in. |
| Find user accounts that have not been used in <n> days. | Ensure temporary user accounts are not available and/or old accounts are no longer in existence. |
| Ensure user logins are disabled after a period of inactivity. | Ensure old accounts are no longer in existence. |
| Identify disabled or locked out accounts. | Identify accounts that may have been attacked. |
| Ensure guest accounts are disabled. | Guest accounts are open points of attack because they often have well-known passwords. |
| Check Microsoft Internet Explorer settings against policy. | If not properly configured, Microsoft Internet Explorer introduces many vulnerabilities. |
| Disable running Java applets in Internet Explorer. | Java applets can be vulnerable to attack. |
| Ensure screen saver is password protected. | If not, a logged-in system is vulnerable when the user is away from it. |
| Identify and delete cached roaming profiles. | Cached roaming profiles can be used to log in when not connected to the network. |
| Ensure recycle bin is configured to remove files immediately upon deletion. | If not, sensitive data that was meant to be deleted is left in the recycle bin and therefore accessible. |
| Ensure anonymous, guest, and default login IDs are renamed, deleted, disabled or use strong authentication. | These login IDs are vulnerable because they often use shared or well-known passwords. |
| Ensure login IDs are disabled after three consecutive failed login attempts. | Prevent password guessing attacks. |
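The following script is an added example, not code from the Altiris paper: it implements the stale-account, blank/expired-password, guest-account and lockout-threshold checks from the USERS table for a single Windows host. It assumes Windows PowerShell 5.1 or later (Get-LocalUser), and $InactiveDays stands in for the paper's <n>.

```powershell
# Added example, not from the Altiris paper: local-account audit for several USERS checks.
# Assumes Windows PowerShell 5.1 or later (Get-LocalUser); InactiveDays stands in for <n>.
param(
    [int]$InactiveDays    = 90,   # the <n> in "not been used in <n> days"
    [int]$MaxFailedLogons = 3     # the paper's three consecutive failed attempts
)

$cutoff   = (Get-Date).AddDays(-$InactiveDays)
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Account, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Check = $Check; Account = $Account; Detail = $Detail })
}

foreach ($u in Get-LocalUser) {
    # Disabled (or locked) accounts are listed for review rather than judged further.
    if (-not $u.Enabled) { Add-Finding 'DisabledAccount' $u.Name 'Enabled=False'; continue }

    # Stale accounts: no logon inside the window (an account that never logged on counts as stale).
    if ($null -eq $u.LastLogon -or $u.LastLogon -lt $cutoff) {
        Add-Finding 'InactiveAccount' $u.Name "LastLogon=$($u.LastLogon)"
    }
    # Blank-password exposure: the account is allowed to have no password at all.
    if (-not $u.PasswordRequired) {
        Add-Finding 'PasswordNotRequired' $u.Name 'PasswordRequired=False'
    }
    # Expired passwords on enabled accounts.
    if ($u.PasswordExpires -and $u.PasswordExpires -lt (Get-Date)) {
        Add-Finding 'PasswordExpired' $u.Name "PasswordExpires=$($u.PasswordExpires)"
    }
    # The built-in Guest keeps RID 501 whatever name it has been given.
    if ($u.SID.Value -like 'S-1-5-21-*-501') {
        Add-Finding 'GuestEnabled' $u.Name "SID=$($u.SID.Value)"
    }
}

# Lockout threshold comes from the local account policy, read from "net accounts" output.
$threshold = 'unknown'
foreach ($line in (net accounts)) {
    if ($line -match '^Lockout threshold:\s*(\S+)') { $threshold = $Matches[1] }
}
# "Never" (or an unreadable value) means accounts are never locked out, which the paper treats as a failure.
if ($threshold -notmatch '^\d+$' -or [int]$threshold -gt $MaxFailedLogons) {
    Add-Finding 'LockoutThreshold' '(policy)' "Lockout threshold=$threshold"
}

$findings | Sort-Object Check | Format-Table -AutoSize
```

Run it elevated on each audited host; an empty table means none of the implemented checks fired.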

ADMINISTRATOR ACCOUNTS

| Audit check / action | Why it matters |
|---|---|
| List existing administrator accounts. | View all administrator accounts to understand the magnitude of access rights. |
| Rename administrator accounts. | If the administrator account uses the default name, an attacker knows it. Decrease the chance of a password cracking tool compromising an administrator account. |
| Ensure administrator account password has been changed in the last <n> days. | Decrease the useful life of a compromised password. |
| Check for rogue administrator accounts. | Eliminate administrator accounts that are suspect. |
| Ensure event log is tracking particular events. | Log information may be needed for investigation or repair of security incidents. |
| Ensure all activities performed by privileged IDs or roots are logged. | These accounts have high privilege and therefore all account activities must be tracked. |
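As an added example (not the paper's own tooling), the script below enumerates the local Administrators group and flags the default account name, passwords older than <n> days, nested groups, and members missing from an approved list. It assumes Windows PowerShell 5.1 or later (Get-LocalGroupMember, Get-LocalUser); $MaxPasswordAgeDays stands in for <n>, and $Approved is an assumed list of the members you expect.

```powershell
# Added example, not from the Altiris paper: audit of the local Administrators group.
# Assumes Windows PowerShell 5.1 or later (Get-LocalGroupMember, Get-LocalUser);
# MaxPasswordAgeDays stands in for <n>; Approved is an assumed list of expected members.
param(
    [int]$MaxPasswordAgeDays = 90,
    [string[]]$Approved = @()    # names as Get-LocalGroupMember reports them, e.g. 'HOST\Administrator'
)

$cutoff = (Get-Date).AddDays(-$MaxPasswordAgeDays)
$report = New-Object System.Collections.Generic.List[object]

foreach ($m in Get-LocalGroupMember -Group 'Administrators') {
    $issues = @()

    # Rogue administrators: any member not on the approved list (skipped when the list is empty).
    if ($Approved.Count -gt 0 -and $m.Name -notin $Approved) { $issues += 'NotApproved' }

    if ($m.ObjectClass -eq 'Group') {
        # A nested group hides the real membership; expand it by hand.
        $issues += 'NestedGroup'
    }
    elseif ($m.PrincipalSource -eq 'Local') {
        $u = Get-LocalUser -SID $m.SID
        # The built-in Administrator is RID 500; leaving the default name makes it a known target.
        if ($u.SID.Value -like 'S-1-5-21-*-500' -and $u.Name -eq 'Administrator') {
            $issues += 'DefaultAdminName'
        }
        # A password older than <n> days extends the useful life of a compromised credential.
        if ($u.Enabled -and ($null -eq $u.PasswordLastSet -or $u.PasswordLastSet -lt $cutoff)) {
            $issues += "PasswordOlderThan${MaxPasswordAgeDays}d"
        }
        if (-not $u.Enabled) { $issues += 'Disabled' }
    }

    $report.Add([pscustomobject]@{
        Member = $m.Name
        Source = $m.PrincipalSource    # Local, ActiveDirectory, MicrosoftAccount, ...
        Class  = $m.ObjectClass        # User or Group
        Issues = ($issues -join ';')
    })
}

$report | Format-Table -AutoSize
```

Domain members are reported but not inspected here; their password age and status live in the directory, not on the host.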

SYSTEM

| Audit check / action | Why it matters |
|---|---|
| Drive should have at least 10% free. | Make sure disk space is available for smooth operation. |
| System should have at least two drives configured. | Many systems separate the OS drive from the application and data drive. System programs are kept in a secure file system and protected from inappropriate use. |
| Ensure system is a member of the appropriate domain. | Domains serve as the basis for all access control. |
| Ensure workstation, diskette, hard drive, and other drives are not shared. | If any of these are shared, they can be compromised over the network. |
| Ensure Network Monitor Agent is not installed. | The system should not be allowed to sniff packets on the network. |
| Ensure time service is installed and running. | Proper time should be maintained by the system clock for software licenses and time-based authentication products. |
| Ensure OS is not configured to auto-start executables on CDs or diskettes upon introduction to the reader device. | Prevent unintentional use of programs on CDs or diskettes. |
| Ensure all servers or devices configured to serve multiple entities are not being used as personal workstations. | Servers should not be used as personal user systems, and desktops should not be shared, to prevent the unintentional or unauthorized sharing of sensitive files. |
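The script below is an added example rather than the paper's own check set: it evaluates the free-space, two-drive, domain-membership, share, time-service and AutoRun rows of the SYSTEM table on one host. It assumes Windows PowerShell 5.1 or later with the CIM cmdlets, and the NoDriveTypeAutoRun policy value 0xFF (AutoRun disabled for every drive type) as the expected setting.

```powershell
# Added example, not from the Altiris paper: a few of the SYSTEM checks for one Windows host.
# Assumes Windows PowerShell 5.1 or later with the CIM cmdlets (Get-CimInstance).
$results = New-Object System.Collections.Generic.List[object]
function Add-Result([string]$Check, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# Each fixed disk (DriveType 3) should keep at least 10% free space.
$fixed = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3')
foreach ($d in $fixed) {
    $pct = if ($d.Size) { [math]::Round(100 * $d.FreeSpace / $d.Size, 1) } else { 0 }
    Add-Result "FreeSpace $($d.DeviceID)" ($pct -ge 10) "$pct% free"
}
# At least two fixed drives, so the OS can sit apart from applications and data.
Add-Result 'TwoDrives' ($fixed.Count -ge 2) "$($fixed.Count) fixed drive(s)"

# Domain membership: PartOfDomain is false for workgroup machines.
$cs = Get-CimInstance Win32_ComputerSystem
Add-Result 'DomainMember' $cs.PartOfDomain "Domain=$($cs.Domain)"

# Type 0 shares are user-created disk shares; administrative shares (C$, ADMIN$) use other type codes.
$shares = @(Get-CimInstance Win32_Share -Filter 'Type = 0')
Add-Result 'NoDriveShares' ($shares.Count -eq 0) ($shares.Name -join ',')

# The Windows Time service must be present and running.
$svc = Get-Service W32Time -ErrorAction SilentlyContinue
Add-Result 'TimeService' ($null -ne $svc -and $svc.Status -eq 'Running') "Status=$($svc.Status)"

# AutoRun: NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type (assumed expected value).
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$val = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
Add-Result 'AutoRunDisabled' ($val -eq 0xFF) "NoDriveTypeAutoRun=$val"

$results | Format-Table -AutoSize
```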

FILES

| Audit check / action | Why it matters |
|---|---|
| Show all variations of a worm or virus. | Identify presence of the file in order to delete or disable it. |
| Show all files with a given list of owners. | Identify files on all systems owned by a particular user or users. This is particularly important if a user's status changes or if a user is suspected of inappropriate activity. |
| Show all files to which a given owner has access rights (permissions). | Identify files on all systems where a particular user or users have access rights. This is particularly important if a user's status changes or if a user is suspected of inappropriate activity. |
| Monitor access control lists (ACLs) to track who has access to particular files. | Important for the identification of unauthorized users who have access to critical files. |
| Check for NTFS versus FAT file systems. | NTFS provides access controls and is a more stable and secure file system than FAT. |
| Check for Encrypting File System (EFS) files. | Make sure the encryption policy is followed. This can mean data is required to be encrypted or data is required NOT to be encrypted. |

IDENTIFY SOFTWARE OR SERVICES

| Audit check / action | Why it matters |
|---|---|
| Ensure virus detection software is on and at the latest version and definition. | If virus detection software is not on, then detection and correction will not occur. If it is not the latest virus detection version, virus detection is ineffective. |
| Time of last full antivirus run and result. | Ensure virus scanning is occurring to proactively detect problems. |
| Check for Kazaa downloader. | Prevent unauthorized work activities and unnecessary bandwidth utilization. |
| Check for Instant Messaging. | Insecure or archived communications create vulnerabilities. |
| Check for P2P file-sharing programs. | These open up desktop and file access to a wide audience (desktop sharing, collaboration, etc.). |
| Check for FTP services. | FTP services can function as an unauthorized file transfer portal on an individual system. |
| Check for MP3 player. | Prevent unauthorized work activities and unnecessary bandwidth utilization. |
| Check for media player activities. | Prevent unauthorized work activities and unnecessary bandwidth utilization. |
| Check for spyware and malware. | Identify and eliminate programs that are tracking activities on systems by looking for particular files, programs, or services. |
| Check for personal firewall. | Identify systems with or without personal firewalls, per corporate security policy. |
| Ensure UPS or backup software is installed and running on servers. | Ensure critical servers are protected in the event of a power outage. |
| Report all services activated by particular software. | Certain services are required for a server's mission and must be running; services not required utilize resources and may introduce vulnerabilities. |
| Ensure Web servers (IIS, Apache, iPlanet, WebSphere) are secure. | Remove vulnerabilities introduced by default server configuration settings and included sample Web applications. |
| Check for Sendmail. | The UNIX mail service is often started by default and has many vulnerabilities. |

IDENTIFY HARDWARE

| Audit check / action | Why it matters |
|---|---|
| Check for PDA software to identify who has a PDA. | Unauthorized PDAs allow data to be taken out of corporate control. |
| Check for modem. | Unauthorized modems present easy entry access, especially with auto-answer set to on. |
| Check for wireless network interface card (NIC). | Unauthorized wireless communication devices allow for easy entry access, especially if WEP is not turned on. Run a scan for open channels. |
| Check for wireless devices connected in a promiscuous manner. | Wireless devices, such as 802.11b NICs, open up wireless access entry points. |
| Check for enabled USB drives. | Identify and disable USB drivers. This prevents unauthorized copying of files on secured servers that do not have floppy or CD drives. |
| List hardware component attributes. | Check for system operational attributes such as processor, memory, system utilization, etc. |