Level II Assessment Forms
The following forms, as shown in Tables B.5, B.6, and B.7, can be used when assessing servers and during system demonstrations.
Table B.5. Password Controls| Password Action | Recommended Value | Actual Value |
|---|
| Enforce password history | 10 days | |
| Maximum password age | 30 days | |
| Minimum password age | 1 day | |
| Minimum password length | 7 characters | |
| Passwords must meet complexity | Enabled | |
| Account lockout threshold | After 3 attempts | |
Table B.6. Audit Controls| Auditing | Recommended Value | Actual Value |
|---|
| Audit system events | Success and failure | |
| Audit process tracking | None | |
| Audit privilege use | Failure | |
| Audit account logon events | Failure | |
| Audit account management | Success and failure | |
| Audit directory service access | None | |
| Audit logon events | Failure | |
| Audit object access | Success | |
| Audit policy change | Failure | |
Table B.7. Access Options and Controls| Access Options | Recommended Value | Actual Value |
|---|
| Rename administrator account | Rename | |
| Audit the use of backup and restore privilege | Enabled | |
| Shut down system immediately if unable to log security audits | Enabled | |
| Do not display last username | Enabled | |
| Display message text for users attempting to log on | Enabled | |
| Message title for users attempting to log on | Enabled | |
| Prompt user to change password before expiration | 1 week | |
| Network access: Do not allow anonymous enumeration of SAM accounts | Enabled | |
| Can shares be accessed anonymously | No | |
| Force logoff when logon hours expire | Enabled | |
| Suspend session time | 30 minutes | |
| Do not display last username | Enabled | |
| Restrict floppy, CD-ROM, and USB ports | Enabled | |
..................Content has been hidden....................
You can't read the all page of ebook, please click
here login for view all page.
