Level II Assessment Forms
The following forms, as shown in Tables B.5, B.6, and B.7, can be used when assessing servers and during system demonstrations.
Table B.5. Password Controls

Password Action | Recommended Value | Actual Value |
---|---|---|
Enforce password history | 10 days | |
Maximum password age | 30 days | |
Minimum password age | 1 day | |
Minimum password length | 7 characters | |
Passwords must meet complexity | Enabled | |
Account lockout threshold | After 3 attempts | |

Table B.6. Audit Controls

Auditing | Recommended Value | Actual Value |
---|---|---|
Audit system events | Success and failure | |
Audit process tracking | None | |
Audit privilege use | Failure | |
Audit account logon events | Failure | |
Audit account management | Success and failure | |
Audit directory service access | None | |
Audit logon events | Failure | |
Audit object access | Success | |
Audit policy change | Failure | |

Table B.7. Access Options and Controls

Access Options | Recommended Value | Actual Value |
---|---|---|
Rename administrator account | Rename | |
Audit the use of backup and restore privilege | Enabled | |
Shut down system immediately if unable to log security audits | Enabled | |
Do not display last username | Enabled | |
Display message text for users attempting to log on | Enabled | |
Message title for users attempting to log on | Enabled | |
Prompt user to change password before expiration | 1 week | |
Network access: Do not allow anonymous enumeration of SAM accounts | Enabled | |
Can shares be accessed anonymously | No | |
Force logoff when logon hours expire | Enabled | |
Suspend session time | 30 minutes | |
Do not display last username | Enabled | |
Restrict floppy, CD-ROM, and USB ports | Enabled | |