Network Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name

Similar documents
GFI White Paper PCI-DSS compliance and GFI Software products

PREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD

SERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less

Central Agency for Information Technology

Better secure IT equipment and systems

Step-by-Step Guide to Securing Windows XP Professional with Service Pack 2 in Small and Medium Businesses

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Client Security Risk Assessment Questionnaire

Department of Education. Network Security Controls. Information Technology Audit

Vulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper

Network Assessment Client Risk Report Demo

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Global Partner Management Notice

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Workflow Templates Library

Real World Healthcare Security Exposures. Brian Selfridge, Partner, Meditology Services

Check Point and Security Best Practices. December 2013 Presented by David Rawle

U.S. Department of Energy Office of Inspector General Office of Audits & Inspections. Evaluation Report

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Table of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index

CKAHU Symposium Cyber-Security

THE OPEN UNIVERSITY OF TANZANIA

Office of Inspector General

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

Guideline on Auditing and Log Management

Host/Platform Security. Module 11

CITY OF BOULDER *** POLICIES AND PROCEDURES

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Miami University. Payment Card Data Security Policy

U.S. Department of Energy Office of Inspector General Office of Audits and Inspections

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

State of South Carolina Policy Guidance and Training

PCI Compliance. Top 10 Questions & Answers

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

NYS LOCAL GOVERNMENT VULNERABILITY SCANNING PROJECT September 22, 2011

Security Management. Keeping the IT Security Administrator Busy

Best Practices For Department Server and Enterprise System Checklist

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Data Stored on a Windows Server Connected to a Network

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

FFIEC CONSUMER GUIDANCE

Catapult PCI Compliance

PCI Compliance Top 10 Questions and Answers

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations


EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

Cyber Self Assessment

Automation Suite for. 201 CMR Compliance

Symantec AntiVirus Corporate Edition Patch Update

Product comparison. GFI LanGuard 2014 vs. Microsoft Windows Server Update Services 3.0 SP2

Virto Create & Clone AD User Web Part for Microsoft SharePoint. Release Installation and User Guide

Top Five Data Security Trends Impacting Franchise Operators. Payment System Risk September 29, 2009

Technical Proposition. Security

Active Directory Cleaner User Guide 1. Active Directory Cleaner User Guide

RL Solutions Hosting Service Level Agreement

Fundamentals of a Windows Server Infrastructure MOC 10967

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

INFORMATION SECURITY GOVERNANCE ASSESSMENT TOOL FOR HIGHER EDUCATION

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

ONLINE BANKING SECURITY TIPS FOR OUR BUSINESS CLIENTS

2012 Endpoint Security Best Practices Survey

FileCloud Security FAQ

Hardware and Software Security

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Locking down a Hitachi ID Suite server

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Management (CSM) Capability

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

LogRhythm and NERC CIP Compliance

University of California, Riverside Computing and Communications. IS3 Local Campus Overview Departmental Planning Template

Preparing to Install SQL Server 2005

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Airtel PC Secure Trouble Shooting Guide

California State University, Chico. Information Security Incident Management Plan

Transcription:

Network Assessment Prepared For: Prospect Or Customer Prepared By: Your Company Name

Environment Risk and Issue Score Issue Review Next Steps Agenda

Environment - Overview Domain Domain Controllers 4 Number of Organizational Units 13 Users # Enabled 51 Last Login within 30 days 24 Last Login older than 30 days 27 # Disabled 28 Last Login within 30 days 0 Last Login older than 30 days 28 Security Group Groups with Users 31 # Total Groups 60 Computers in Domain Total Computers 153 Last Login within 30 days 52 Last Login older than 30 days 101

Environment - Patching

Risk and Issue Score Current Risk Score Current Issue Score

Unsupported Operating Systems (97 pts) Issue: 30 computers were found using an operating system that is no longer supported. Unsupported operating systems no longer receive vital security patches and present an inherent risk. Recommendation: Upgrade or replace computers with operating systems that are no longer supported.

User has not logged in in 30 days (13 pts) Issue: Users that have not logged in in 30 days could be from a former employee or vendor and should be disabled or removed. Recommendation: Disable or remove user accounts for users that have not logged in in 30 days.

User password set to never expire (80 pts) Issue: User accounts with passwords set to never expire present a risk of use by authorized users. They are more easily compromised than passwords that are routinely changed. Recommendation: Investigate all accounts with passwords set to never expire and configure them to expire regularly.

Significantly high number of Domain Administrators (35 pts) Issue: More than 30% of the users are in the Domain Administrator group and have unfettered access to files and system resources. Compromised Domain Administrator accounts pose a higher threat than typical users and may lead to a breach. Recommendation: Evaluate the need to have more than 30% of users in the Domain Administrator group and limit administrative access to the minimum necessary.

Anti-virus not installed (94 pts) Issue: Anti-virus software was not detected on some computers. Without adequate anti-virus and anti-spyware protection on all workstations and servers, the risk of acquiring malicious software is significant. Recommendation: To prevent both security and productivity issues, we strongly recommend assuring anti-virus is deployed to all possible endpoints.

Anti-spyware not installed (94 pts) Issue: Anti-virus software was not detected on some computers. Without adequate anti-virus and anti-spyware protection on all workstations and servers, the risk of acquiring malicious software is significant. Recommendation: To prevent both security and productivity issues, we strongly recommend assuring anti-spyware is deployed to all possible endpoints.

LOTS of Security patches missing on computers (90 pts) Issue: Security patches are missing on computers. Maintaining proper security patch levels helps prevent unauthorized access and the spread of malicious software. Lots is defined as missing 3 or more patches. Recommendation: Address patching on computers with missing security patches.

Inactive Computers (15 pts) Issue: 102 computers were found as having not checked in during the past 30 days. Recommendation: Investigate the list of inactive computers and determine if they should be removed from Active Directory, rejoined to the network, or powered on.

Un-populated Organization Units (10 pts) Issue: Empty Organizational Units (OU) were found in Active Directory. They may not be needed and should be removed to prevent misconfiguration. Recommendation: Remove or populate empty Organizational Units.

Potential Password Strength Risks (100 pts) Issue: Local account passwords on 2 were found to be potentially weak. Inadequate or weak passwords on local accounts can allow a hacker to compromise the system. It can also lead to the spread of malicious software that can cause business and productivity affecting issues. Recommendation: We recommend placing adequate password strength requirements in place and remediate the immediate password issues on the identified systems.

Operating System in Extended Support (20 pts) Issue: 16 computers were found using an operating system that is in extended supported. Extended support is a warning period before an operating is no longer supported by the manufacturer and will no longer receive support or patches. Recommendation: Upgrade computers that have operating systems in Extended Support before end of life.

Potential Disk Space Issue (68 pts) Issue: Computers were found with significantly low free disk space. Recommendation: Free or add additional disk space for the specified drives.

Next Steps Agree on List of Issues to Resolve Present Project Estimates and Costs Establish Timelines Set Milestones Get Signoff to Begin Work

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information