The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server.

Security Benchmark Score Details

Computer Name: rdpdata (in RDP) Chinquapin Data Server
Profile Date: Wednesday, February 08, 2012 11:27:59 PM
Advisor Version: 8.2g
Windows Logon: administrator

Score: 3.96 of 10
Benchmark: CIS Win2003 Domain Controller Legacy, Version 1.1

Service Packs and Hotfixes

Current Service Pack
Section Score: 1.25 of 1.25
1. Latest Service Pack

Critical and Security Hotfixes
Section Score: 1.25 of 1.25
1. Latest Critical and Security Hotfixes

Account and Audit Policies

Password Policies
Section Score: 0.00 of 0.83
1. Current Password Ages
2. Minimum Password Length

Audit and Account Policies
Section Score: 0.00 of 0.83
1. Audit Account Logon Events
2. Audit Account Management
3. Audit Logon Events
4. Audit Object Access
5. Audit Policy Change
6. Audit System Events
7. Minimum Password Age
8. Maximum Password Age
9. Password Complexity
10. Store Passwords using Reversible Encryption
11. Password History Size
12. Account Lockout Duration
13. Account Lockout Threshold
14. Reset Account Lockout Count Time

Event Log Policies
Section Score: 0.83 of 0.83
1. Application Event Log: Maximum Size
2. Application Event Log: Restrict Guest Access
3. Security Event Log: Maximum Size
4. Security Event Log: Restrict Guest Access
5. System Event Log: Maximum Size
6. System Event Log: Restrict Guest Access

Security Settings

Security Options
Section Score: 0.00 of 2.50
1. Accounts: Guest Account Status
2. Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only
3. Accounts: Rename Administrator Account
4. Accounts: Rename Guest Account
5. Devices: Allowed to Format and Eject Removable Media
6. Devices: Prevent users from Installing Device Drivers
7. Devices: Unsigned Driver Installation Behavior
8. Domain Controller: Allow Server Operators to Schedule Tasks
9. Domain Controller: Refuse Machine Account Password Changes
10. Domain Member: Digitally Encrypt Secure Channel Data (When Possible)
11. Domain Member: Digitally Sign Secure Channel Data (When Possible)
12. Domain Member: Disable Machine Account Password Changes
13. Domain Member: Maximum Machine Account Password Age
14. Interactive Logon: Do Not Display Last User Name
15. Interactive Logon: Do Not Require CTRL+ALT+DEL
16. Interactive Logon: Message Text for Users Attempting to Log On
17. Interactive Logon: Message Title for Users Attempting to Log On
18. Interactive Logon: Prompt User to Change Password Before Expiration
19. Interactive Logon: Smart Card Removal Behavior
20. Microsoft Network Client: Digitally Sign Communication (if server agrees)
21. Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server
22. Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session
23. Microsoft Network Server: Digitally Sign Communication (if client agrees)
24. Microsoft Network Server: Disconnect Clients When Logon Hours Expire
25. Network Access: Let Everyone Permissions Apply to Anonymous Users
26. Network Access: Named Pipes That Can Be Accessed Anonymously
27. Network Access: Remotely Accessible Registry Paths
28. Network Access: Remotely Accessible Registry Paths and sub-paths
29. Network Access: Restrict Anonymous Access to Named Pipes and Shares
30. Network Access: Shares That Can Be Accessed Anonymously
31. Network Access: Sharing and Security Model for Local Accounts
32. Network Security: LAN Manager Authentication Level
33. Network Security: LDAP Client Signing Requirements
34. Recovery Console: Allow Automatic Administrative Log On
35. Shutdown: Allow System to be Shut Down Without Having to Log On
36. System Cryptography: Force Strong Key Protection for User Keys Stored on the Computer
37. System Objects: Default Owner for Objects Created by Members of the Administrators Group
38. System Objects: Strengthen Default Permissions of Internal System Objects
39. System Settings: Optional Subsystems
40. MSS: (AFD DynamicBacklogGrowthDelta) Number of Connections to Create When Additional Connections are Necessary for Winsock Applications (10 recommended)
41. MSS: (AFD EnableDynamicBacklog) Enable Dynamic Backlog for Winsock Applications (recommended)
42. MSS: (AFD MaximumDynamicBacklog) Maximum Number of 'quasi-free' Connections for Winsock Applications
43. MSS: (AFD MinimumDynamicBacklog) Minimum Number of Free Connections for Winsock Applications (20 recommended for systems under attack, 10 otherwise)
44. MSS: (DisableIPSOurceRouting) IP Source Routing Protection Level
45. MSS: (EnableDeadGWDetect) Allow Automatic Detection of Dead Network Gateways
46. MSS: (EnableICMPRedirect) Allow ICMP Redirects to Override OSPF Generated Routes
47. MSS: (NoNameReleaseOnDemand) Allow the Computer to Ignore NetBIOS Name Release Requests Except From WINS Servers
48. MSS: (Perform Router Discovery) Allow IRDP to Detect and Configure Default Gateway Addresses
49. MSS: (SynAttackProtect) Syn Attack Protection Level
50. MSS: (TCPMaxConnectResponseRetransmissions) SYN - ACK Retransmissions When a Connection Request is not Acknowledged
51. MSS: (TCPMaxDataRetransmissions) How Many Times Unacknowledged Data is Retransmitted (3 recommended, 5 is default)
52. MSS: (TCPMaxPortsExhausted) How Many Dropped Connect Requests to Initiate SYN Attack Protection (5 is recommended)
53. MSS: Disable Autorun for All Drives
54. MSS: Enable Safe DLL Search Mode
55. MSS: How Often Keep-alive Packets are Sent in Milliseconds
56. MSS: The time in seconds before the screen saver grace period expires

Available Services and Other Requirements

Available Services
Section Score: 0.00 of 0.63
1. Alerter Service Permissions
2. Client Service for Netware Permissions
3. Clipbook Service Permissions
4. FAX Service Permissions
5. File Replication Service Permissions
6. File Server for Macintosh Permissions
7. FTP Publishing Service Permissions
8. Help and Support Service Permissions
9. HTTP SSL Service Permissions
10. IIS Admin Service Permissions
11. Indexing Service Permissions
12. License Logging Service Permissions
13. Messenger Service Permissions
14. Microsoft POP3 Service Permissions
15. NetMeeting Remote Desktop Sharing Service Permissions
16. Network Connections Service Permissions
17. Network News Transport Protocol Service Permissions
18. Print Server for Macintosh Permissions
19. Remote Access Auto Connection Manager Service Permissions
20. Remote Access Connection Manager Service Permissions
21. Remote Administration Service Permissions
22. Remote Desktop Help Session Manager Permissions
23. Remote Installation Service Permissions
24. Remote Procedure Call (RPC) Locator Service Permissions
25. Remote Server Manager Service Permissions
26. Remote Server Monitor Service Permissions
27. Remote Storage Notification Service Permissions
28. Remote Storage Server Permissions
29. SMTP Service Permissions
30. SNMP Service Permissions
31. SNMP Trap Permissions
32. Telephony Service Permissions
33. Telnet Service Permissions
34. Trivial FTP Daemon Permissions
35. Wireless Configuration Service Permissions
36. World Wide Web Publishing Services Permissions

User Rights
Section Score: 0.00 of 0.63
1. Act as Part of the Operating System
2. Allow Logon Locally
3. Allow Logon through Terminal Services
4. Change the System Time
5. Create a Token Object
6. Create Permanent Shared Objects
7. Debug Programs
8. Enable Computer and User Accounts to be Trusted for Delegation
9. Impersonate a Client after Authentication
10. Load and Unload Device Drivers
11. Log on as a Batch Job
12. Replace a Process Level Token
13. Synchronize Directory Service Data
14. Take Ownership of File or Other Objects

Other System Requirements
Section Score: 0.63 of 0.63
1. All Local Volumes NTFS
2. Restricted Group: Remote Desktop Users

File and Registry Permissions
Section Score: 0.00 of 0.63
1. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
2. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
3. HKLM\System\CurrentControlSet\Enum
4. HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
5. HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
6. USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
7. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
8. %SystemRoot%\system32\tftp.exe
9. %SystemRoot%\system32\telnet.exe
10. %SystemRoot%\system32\tlntsvr.exe
11. %SystemRoot%\system32\subst.exe
12. %SystemRoot%\system32\sc.exe
13. %SystemRoot%\system32\runas.exe
14. %SystemRoot%\system32\rsh.exe
15. %SystemRoot%\system32\rexec.exe
16. %SystemRoot%\system32\regsvr32.exe
17. %SystemRoot%\system32\regedt32.exe
18. %SystemRoot%\regedit.exe
19. %SystemRoot%\system32\reg.exe
20. %SystemRoot%\system32\rcp.exe
21. %SystemRoot%\system32\netsh.exe
22. %SystemRoot%\system32\net1.exe
23. %SystemRoot%\system32\net.exe
24. %SystemRoot%\system32\ftp.exe
25. %SystemRoot%\system32\eventtriggers.exe
26. %SystemRoot%\system32\eventcreate.exe
27. %SystemRoot%\system32\edlin.exe
28. %SystemRoot%\system32\drwtsn32.exe
29. %SystemRoot%\system32\drwatson.exe
30. %SystemRoot%\system32\debug.exe
31. %SystemRoot%\system32\cacls.exe
32. %SystemRoot%\system32\attrib.exe
33. %SystemRoot%\system32\at.exe

Why are s important for IT?
Many current threats are not stopped by perimeter systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus s is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper settings blocks 90% of the existing threats ("Security Benchmarks: A Gold Standard." IA Newsletter, vol. 5 no. 3).

What is the USGCB Benchmark?
The United States Configuration Baseline (USGCB) is a US OMB-mandated configuration for Windows 7 and Internet Explorer 8. Developed by DoD, with NIST assistance, the is the product of DoD consensus.

What are FDCC Benchmarks?
The Federal Desktop Core Configuration (FDCC) is a US OMB-mandated configuration for Windows Vista and XP. The Windows Vista FDCC is based on DoD the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0. Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST. The Windows XP FDCC is based on US Air Force the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD the recommendations in Microsoft's Security Guide for Internet Explorer 7.0.

What are CIS Benchmarks?
Center for Internet Security (CIS) s are developed by CIS members and staff and are consensus based, best-practice configurations for computers connected to the Internet. The CIS is an open association consisting of industry, government and academic members. Its mission is to help IT organizations more effectively manage their risks related to information.

What is the Security Benchmark Score?
The Belarc Advisor has audited the of your computer using a appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system.

How can you reduce your vulnerability?
The local group policy editor (accessed by running the gpedit.msc command) can be used to configure settings for your computer. Windows home editions don't include that editor, but most settings can also be made with registry entries instead. Warning: Applying these settings may cause some applications to stop working correctly. Back up your system prior to applying these templates or apply the templates on a test system first. For domain member computers, the configurations are available from the creator's web site as Microsoft Group Policy Object files that can be used with Active Directory. Follow the links above to the web site of your Benchmark's creator.

Copyright 2000-12, Belarc, Inc. All rights reserved. Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.