Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark



Similar documents
Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark. For Windows Server 2008 (Domain Member Servers and Domain Controllers)

Windows Server 2008/2012 Server Hardening

Objectives. At the end of this chapter students should be able to:

About Microsoft Windows Server 2003

PATCHING WINDOWS SERVER 2012 DOMAIN CONTROLLERS. Prepared By: Sainath K.E.V MVP Directory Services

Virto Password Reset Web Part for SharePoint. Release Installation and User Guide

Symantec Backup Exec 12.5 for Windows Servers. Quick Installation Guide

SIEMENS. Sven Lehmberg. ZT IK 3, Siemens CERT. Siemens AG 2000 Siemens CERT Team / 1

Windows NT Server Operating System Security Features Carol A. Siegel Payoff

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

Defense Security Service Office of the Designated Approving Authority Standardization of Baseline Technical Security Configurations

Desktop Web Access Single Sign-On Configuration Guide

Password Reset Server Installation Guide Windows 8 / 8.1 Windows Server 2012 / R2

Virto Create & Clone AD User Web Part for Microsoft SharePoint. Release Installation and User Guide

Microsoft Auditing Events for Windows 2000/2003 Active Directory. By Ed Ziots Version 1.6 9/20/2005

WhatsUp Gold v16.1 Installation and Configuration Guide

Symantec Backup Exec TM 11d for Windows Servers. Quick Installation Guide

Securing Remote Desktop for Windows XP

Integrating LANGuardian with Active Directory

support HP MFP Scan Setup Wizard 1.1

WhatsUp Gold v16.2 Installation and Configuration Guide

Walton Centre. Document History Date Version Author Changes 01/10/ A Cobain L Wyatt 31/03/ L Wyatt Update to procedure

DIRECTORY PASSWORD V1.2 Quick Start Guide

ECA IIS Instructions. January 2005

Setup guide. TELUS AD Sync

Windows Operating Systems. Basic Security

Symantec Enterprise Security Manager Policy Manual for Visa Cardholder Information Security Program (CISP) For Windows

How To - Implement Single Sign On Authentication with Active Directory

Symantec Mail Security for Microsoft Exchange Management Pack Integration Guide

Symantec Endpoint Encryption Full Disk

User Management Tool 1.5

INSTALLATION INSTRUCTIONS FOR UKSSOGATEWAY

User Guide. Version R91. English

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Server Manager Performance Monitor. Server Manager Diagnostics Page. . Information. . Audit Success. . Audit Failure

Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling

Quick Start Guide. IT Management On-Demand

Out n About! for Outlook Electronic In/Out Status Board. Administrators Guide. Version 3.x

NetWrix Password Manager. Quick Start Guide

Web. Security Options Comparison

Microsoft Corporation. Project Server 2010 Installation Guide

SafeGuard Enterprise Web Helpdesk. Product version: 6.1

Belarc Advisor Security Benchmark Summary

How To Create An Easybelle History Database On A Microsoft Powerbook (Windows)

CruzNet Secure Set-Up Instructions for Windows Vista

Xythos on Demand Quick Start Guide For Xythos Drive

Managing and Maintaining a Windows Server 2003 Network Environment

Chapter 1 Scenario 1: Acme Corporation

3 Setting up Databases on a Microsoft SQL 7.0 Server

WhatsUp Gold v16.3 Installation and Configuration Guide

Server Manager Help 10/6/2014 1

End User Configuration

Experion LX System Administration Guide

Windows Security Scoring Tool Implementation Guide v2.0.1

How To Set Up Dataprotect

Secrets of Event Viewer for Active Directory Security Auditing Lepide Software

VERITAS Backup Exec TM 10.0 for Windows Servers

NETWRIX WINDOWS SERVER CHANGE REPORTER

Backup of data residing on Open-E Data Storage Software with Backup Exec

VERITAS Backup Exec 9.1 for Windows Servers Quick Installation Guide

Defense Security Service Office of the Designated Approving Authority

Metalogix SharePoint Backup. Advanced Installation Guide. Publication Date: August 24, 2015

How to Configure a Stress Test Project for Microsoft Office SharePoint Server 2007 using Visual Studio Team Suite 2008.

Symantec Backup Exec 2010 R2. Quick Installation Guide

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

SafeGuard Enterprise Administrator help

WatchGuard Mobile User VPN Guide

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

Table of Contents. TPM Configuration Procedure Configuring the System BIOS... 2

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

DriveLock and Windows 7

Getting Started - Client VPN

Welcome to the QuickStart Guide

NETWRIX IDENTITY MANAGEMENT SUITE

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

CONNECT-TO-CHOP USER GUIDE

Fus - Exchange ControlPanel Admin Guide Feb V1.0. Exchange ControlPanel Administration Guide

Delegated Administration Quick Start

kalmstrom.com Business Solutions

PLANNING AND DESIGNING GROUP POLICY, PART 1

RoomWizard Synchronization Software Manual Installation Instructions

Symantec Enterprise Security Manager Baseline Policy Manual for NERC Standard 1200

Publish Cisco VXC Manager GUI as Microsoft RDS Remote App

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Defender Token Deployment System Quick Start Guide

Installation Guide. Novell Storage Manager for Active Directory. Novell Storage Manager for Active Directory Installation Guide

SafeWord Domain Login Agent Step-by-Step Guide

QUANTIFY INSTALLATION GUIDE

How To Use 1Bay 1Bay From Awn.Net On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Network Box (For Mac) With An Ipad Or Ipod (For Ipad) With The

1. Product Information

Partie Serveur Lab : Implement Group Policy. Create, Edit and Link GPOs. Lab : Explore Group Policy Settings and Features

Quick Start Guide. Hosting Your Domain

Installing, Configuring, and Managing a Microsoft Active Directory

SECURITY BEST PRACTICES FOR CISCO PERSONAL ASSISTANT (1.4X)

4cast Client Specification and Installation

CLEO NED Active Directory Integration. Version 1.2.0

Installing the Virtual Desktop Application (MAC)

Virto Active Directory Service for SharePoint. Release Installation and User Guide

Transcription:

Symantec Enterprise Security Manager Baseline Policy Manual for CIS Benchmark For Windows Server 2008 Domain Controllers Version: 3.0.0

Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers This document includes the following topics: Introducing the policy Installing the policy Introducing the policy The Symantec Enterprise Security Manager (ESM) Baseline Policy for the Center for Internet Security (CIS) Benchmark for Windows Server 2008 assesses a host's compliance with the benchmark's recommendations. This release of the policy was built based on the CIS benchmark version 1.0.0 for Windows Server 2008 Domain Controllers. This policy can be installed on Symantec ESM 10.0 and later managers running Security Update 40 or later on Microsoft Windows Server 2008 Domain Controllers. This release of the policy is based on the following CIS document: Version 1.0.0 of the Windows Server 2008 Domain Controllers

4 Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers Installing the policy This policy can be installed on Symantec ESM 10 and later managers running Security Update 40 or later. CIS Benchmark for Windows 2008 Policy can be installed on the following operating system: Microsoft Windows Server 2008 (Domain Controllers) Security Essentials for Windows 2008 R2 Policy can be installed on the following operating system: Microsoft Windows Server 2008 R2 (Domain Controllers) For information on the Center for Internet Security benchmarks, visit the following URL: http://www.cisecurity.org. Installing the policy Before you install the policy, you must decide on the Symantec ESM Managers that you want to install the policy. Since policies run on Managers, you do not require to install policies on agents. You must install the policy on Symantec ESM 10 or later with Security Update 40 or later. Obtaining and Installing the policy with LiveUpdate You can install the LiveUpdate feature in the following ways: By using the LiveUpdate feature on the Symantec ESM console By using files from a Product disc or from the Internet To install the policy using LiveUpdate 1 Connect the Symantec ESM Enterprise Console to managers where you want to install the policy. 2 Click the LiveUpdate icon to start the LiveUpdate wizard. 3 In the wizard, ensure that Symantec LiveUpdate (Internet) is selected, and then click Next. 4 In the Welcome to LiveUpdate dialog box, click Next. 5 In the Available Updates panel, do one of the following: To install all checked products and components, click Next. To omit a product from the update, uncheck it, and then click Next.

Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers Installing the policy 5 To omit a product component, expand the product node, uncheck the component that you want to omit, and then click Next. 6 In the Thank you panel, click Finish. 7 In the list of managers panel, ensure that all the managers that you want to update are checked, and then click Next. 8 In the Updating Managers panel, click OK. 9 In the Update Complete panel, click Finish. If you cannot use LiveUpdate to install the policy directly from a Symantec server, you can install the policy manually, using files from a Product disc or the Internet. Note: To avoid conflicts with updates that are performed by standard LiveUpdate installations, copy or extract the files into the LiveUpdate folder, which is usually Program Files/Symantec/LiveUpdate. To install the policy from a Product disc or from the Internet 1 Connect the Symantec ESM Enterprise Console to managers that you want to update. 2 From the Symantec Security Response Web site, download the executable files for Microsoft Windows Server 2008. You can go to the following link http://securityresponse.symantec.com 3 On a computer running Windows XP/Server 2008 that has network access to the manager, run the executable that you downloaded from the Symantec Security Response Web site. 4 Click Next to close the Welcome dialog box. 5 In the License Agreement dialog box, if you agree to the terms of the agreement, click Yes. 6 In the Question panel, click Yes to continue installation of the best practice policy. 7 In the ESM Manager Information panel, type the requested manager information, and then click Next. If the manager s modules have not been upgraded to Security Update 44 or later, the installation program returns an error message and stops the installation. Upgrade the manager to Security Update 43 or later, and then rerun the installation program. 8 Click Finish.

6 Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers Account Integrity The CIS Benchmark for Windows policy include the modules that ensure compliance with the CIS benchmark. Each module lists the enabled checks with the standards that they address, the associated name lists, and the templates. As specific values are not required everywhere, default values and templates are provided. Moreover, a few benchmark requirements depend on the local policy decisions and hence you must set the checks that associates with such requirements. Although the policy appears as read only, you can however copy and rename the policy depending on the requirements of your corporate security policy. The Account Integrity module reports the user rights assignments of your computer. Table 1-1 gives a list of the checks and their s. Table 1-1 s and s Access credential manager as a trusted caller Access this computer from network Act as part of operating system Add workstation to domain Adjust memory quotas for a process Allow logon locally Allow logon through Terminal Services Back up files and directories Bypass traverse checking Change the system time Change the time zone Create a token object Create a pagefile 1.8.39 1.8.1 1.8.2 1.8.27 1.8.3 1.8.28 1.8.29 1.8.4 1.8.5 1.8.6 1.8.30 1.8.8 1.8.7

Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers 7 Table 1-1 s and s (continued) Create global objects Create permanent shared objects Create symbolic links Debug programs Deny access to this computer from the network Deny logon locally Deny logon through Terminal Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits Impersonate a client from authentication Increase a process working Increase scheduling priority Load and unload device drivers Lock pages in memory Log on as batch job Manage auditing and security log Modify firmware environment values Perform volume maintenance tasks Profile single process Profile system performance Remove computer from docking station Replace a process level token Shut down the system 1.8.9 1.8.10 1.8.31 1.8.11 1.8.12 1.8.32 1.8.33 1.8.13 1.8.14 1.8.34 1.8.15 1.8.35 1.8.16 1.8.17 1.8.18 1.8.36 1.8.19 1.8.20 1.8.21 1.8.22 1.8.23 1.8.24 1.8.25 1.8.26

8 Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers Table 1-1 s and s (continued) Restore files and directories Take ownership of files or other objects Synchronize directory service data 1.8.37 1.8.38 1.8.40 Active Directory The Active Directory module for Windows Server 2008 reports on the security options. Table 1-2 gives a list of the checks and their s. Table 1-2 s and s Enforce user login restrictions Maximum tolerance for computer clock synchronization Maximum lifetime for service ticket Maximum lifetime for user ticket renewal Maximum lifetime for user ticket Security options 1.1.10 1.1.12 1.1.13 1.1.14 1.1.15 1.2.10, 1.2.11, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.9.1, 1.9.12, 1.9.13, 1.9.14, 1.9.15, 1.9.16, 1.9.17, 1.9.18, 1.9.20, 1.9.21, 1.9.22, 1.9.23, 1.9.24, 1.9.25, 1.9.26, 1.9.27, 1.9.28, 1.9.3, 1.9.30, 1.9.31, 1.9.32, 1.9.33, 1.9.34, 1.9.37, 1.9.38, 1.9.39, 1.9.4, 1.9.40, 1.9.43, 1.9.44, 1.9.45, 1.9.46, 1.9.47, 1.9.48, 1.9.49, 1.9.5, 1.9.50, 1.9.52, 1.9.53, 1.9.54, 1.9.55, 1.9.56, 1.9.57, 1.9.6, 1.9.8, 1.9.9, 1.9.2, 1.9.10, 1.9.11, 1.9.19, 1.9.29, 1.9.41. 1.9.42, 1.9.51, 1.9.58 Login Parameters The Login Parameters module reports accounts, resources, and settings that are inconsistent with proper authorized usage.

Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers 9 Table 1-3 gives a list of the checks and their s. Table 1-3 s and s Account lockout duration Account lockout threshhold Bad logon counter reset Security options 1.1.7 1.1.8 1.1.9 1.1.11 Password Strength The Password Strength module examines the system parameters that control a password construction, change, age, expiration, and storage. Table 1-4 gives a list of the checks and their s. Table 1-4 s and s Account Policies - Password Policy Passwords must meet complexity requirements Passwords stored using reversible encryption 1.1.1, 1.1.2, 1.1.3, 1.1.4 1.1.5 1.1.6 System Auditing The System Auditing module reports the security events that are audited for failure or success and the status of the log file when it is full. Table 1-5 gives a list of the checks and their s. Table 1-5 s and s Application event log size Application events do not overwrite security logs 1.4.1 1.4.2

10 Symantec Enterprise Security Manager Baseline Policy Manual for Windows Server 2008 Domain Controllers Table 1-5 s and s (continued) Granular System Audit Settings Security event log size Security events do not overwrite security logs System event log size System events do not overwrite security logs 1.3.8, 1.3.9, and 1.3.10 1.4.3 1.4.4 1.4.5 1.4.6 Audit Windows Server 2008 has detailed audit facilities that allow administrators to tune their audit policy with greater specificity. Table 1-6 gives a list of the checks and their s. Table 1-6 s and s Auditing for Account Logon Events Auditing for Account Management Audit directory service access Auditing for Logon Events Audit Object Access Auditing for Policy Changes Aaudit privilege use Audit process tracking Auditing for System Events 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information