A computer security audit is a manual and systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the system.
The first and outermost ring addresses the building and its outer perimeters. These areas are secured with a combination of mechanical locks and electronic access controls. The first ring is electronically monitored.
The second ring of security includes physically separating and locking controlled areas. These areas are secured, at the very least, with mechanical locks.
The third and innermost ring of security includes restricted areas. Entry into these areas is controlled on a need-to-enter basis. These areas are secured with electronic access control. The third ring is also electronically monitored.
Verify that the Guest account is disabled - since attackers can log on the
Guest Account Vulnerability
A common suggestion is to rename the Administrator account, or even to create a dummy account named "Administrator". While this is a simple procedure, it can stop some attempts to attack Windows hosts through the Administrator account. Whatever your decision is, make sure you are using a strong password policy.
Do not create unnecessary accounts such as test accounts, shared accounts, or generic accounts, as doing so introduces unnecessary vulnerabilities into your system. If you must create these types of accounts, be sure to disable them when they are not being used, use group policies to assign their permissions, and audit these accounts regularly.
Replace the Everyone group with Authenticated Users on file shares; leaving Everyone in place allows anyone who gains access to your network to access all your data.
A password policy is a set of rules designed to enhance computer security by encouraging users to set strong passwords and use them properly.
The password policies requirement of Government System
Some common suggestions are (tested in Windows Server):
Enforce Password History Enabled (recommended value is 5 past passwords)
Maximum Password Age Enabled (recommended value is 60 characters)
Minimum Password Age Enabled (recommended value is 5 characters)
Account lockout policies are a useful method for slowing down online password-guessing attacks and for compensating for weak password policies. These three policies work together to limit the number of consecutive failed login attempts (wrong passwords) permitted within a set timeframe.
Some suggestions are (tested in Windows Server with Audit checklists by
Account Lockout Threshold Enabled (recommended value is 3-5 invalid
Account Lockout Duration Enabled (recommended value is
Reset Account Lockout Threshold After Disabled (recommended manual reset of accounts)
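How the three lockout settings interact, as an added Python model of the policy logic (not code from the article or from Windows): the parameter names threshold, duration and reset_after are assumptions standing in for the three settings above, and the account names and attempt timings are constructed. It also shows why the article's "manual reset" recommendation matters: with the counter reset disabled, slowly spaced guesses still accumulate.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class AccountState:
    failures: int = 0                          # consecutive bad passwords
    last_failure: Optional[datetime] = None
    locked_until: Optional[datetime] = None    # None = not locked

@dataclass
class LockoutPolicy:
    threshold: int                  # Account Lockout Threshold (invalid attempts)
    duration: Optional[int]         # Account Lockout Duration in minutes; None = until admin unlocks
    reset_after: Optional[int]      # Reset counter after, in minutes; None = Disabled (manual reset)
    accounts: dict = field(default_factory=dict)

    def attempt(self, user: str, password_ok: bool, now: datetime) -> str:
        st = self.accounts.setdefault(user, AccountState())
        if st.locked_until is not None:
            if now < st.locked_until:
                return "locked"             # refused even if the password is right
            st.locked_until, st.failures = None, 0   # lockout duration has expired
        if password_ok:
            st.failures = 0                 # a good logon clears the counter
            return "ok"
        if (self.reset_after is not None and st.last_failure is not None
                and now - st.last_failure >= timedelta(minutes=self.reset_after)):
            st.failures = 0                 # quiet long enough: counter restarts
        st.failures += 1
        st.last_failure = now
        if st.failures >= self.threshold:
            st.locked_until = (now + timedelta(minutes=self.duration)
                               if self.duration is not None else datetime.max)
            return "locked"
        return "failed"

    def unlock(self, user: str) -> None:    # manual reset by an administrator
        self.accounts[user] = AccountState()

def simulate(policy: LockoutPolicy, events: list) -> list:
    # events: (minutes after start, user, password correct?) -- constructed input
    t0 = datetime(2024, 1, 1, 9, 0)
    return [policy.attempt(u, ok, t0 + timedelta(minutes=m)) for m, u, ok in events]

# Constructed scenarios. BURST: three bad guesses lock the account, the correct password
# is refused while locked, and access returns once the 30-minute duration has passed.
BURST = [(0, "alice", False), (1, "alice", False), (2, "alice", False), (10, "alice", True), (33, "alice", True)]
# SLOW: one bad guess every 40 minutes, which a 30-minute automatic reset never adds up.
SLOW = [(0, "bob", False), (40, "bob", False), (80, "bob", False)]
```

Running simulate over SLOW with reset_after=30 yields three plain failures, while the same guesses with reset_after=None end in a lockout.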
Take note that in large organizations, recording Success events will cause log size to grow rapidly. You may consider recording Success events only on certain domain controllers or on specific member servers that hold highly sensitive or confidential information.
Disable any network services that are not required. Be aware that many installed applications require additional services to run, which opens the server to potential exploitation. A few services that should be disabled unless they are required are IIS services, FTP services, Network News Transport Protocol (NNTP), Simple Mail Transport Protocol (SMTP), and the World Wide Web Publishing Service. Some suggestions for Windows services are:
Disable any ports that are not required, but never assume your servers are completely safe! You can find a list of open ports on your local system in the file %systemroot%\drivers\etc\services.
Some suggestions by
This article has explained how proper configuration and planning for servers, as an initial step in the audit process, will ensure your system information is secured. The cost in time and money may be significant. However, the budget for security, controls