Level II Assessment Forms

The following forms, as shown in Tables B.5, B.6, and B.7, can be used when assessing servers and during system demonstrations.

Table B.5. Password Controls

Password Action

Recommended Value

Actual Value

Enforce password history

10 days

Maximum password age

30 days

Minimum password age

1 day

Minimum password length

7 characters

Passwords must meet complexity

Enabled

Account lockout threshold

After 3 attempts

Table B.6. Audit Controls

Auditing

Recommended Value

Actual Value

Audit system events

Success and failure

Audit process tracking

None

Audit privilege use

Failure

Audit account logon events

Failure

Audit account management

Success and failure

Audit directory service access

None

Audit logon events

Failure

Audit object access

Success

Audit policy change

Failure

Table B.7. Access Options and Controls

Access Options

Recommended Value

Actual Value

Rename administrator account

Rename

Audit the use of backup and restore privilege

Enabled

Shut down system immediately if unable to log security audits

Enabled

Do not display last username

Enabled

Display message text for users attempting to log on

Enabled

Message title for users attempting to log on

Enabled

Prompt user to change password before expiration

1 week

Network access: Do not allow anonymous enumeration of SAM accounts

Enabled

Can shares be accessed anonymously

No

Force logoff when logon hours expire

Enabled

Suspend session time

30 minutes

Do not display last username

Enabled

Restrict floppy, CD-ROM, and USB ports

Enabled


Introduction to Assessing Network Vulnerabilities

Foundations and Principles of Security

Why Risk Assessment

Risk-Assessment Methodologies

Scoping the Project

Understanding the Attacker

Performing the Assessment

Tools Used for Assessments and Evaluations

Preparing the Final Report

Post-Assessment Activities

Appendix A. Security Assessment Resources

Appendix B. Security Assessment Forms

Appendix C. Security Assessment Sample Report

Appendix D. Dealing with Consultants and Outside Vendors

Appendix E. SIRT Team Report Format Template



Inside Network Security Assessment. Guarding your IT Infrastructure
Inside Network Security Assessment: Guarding Your IT Infrastructure
ISBN: 0672328097
EAN: 2147483647
Year: 2003
Pages: 138

Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net