The document provides system hardening recommendations for Windows 7 workstations and Windows Server 2012 at Verisk Health. It includes recommendations for account policies, local policies, Windows Firewall settings, network list manager policies, and public key policies. The recommendations aim to enhance security by restricting user permissions, enabling encryption, and locking down network access and system objects. Implementing the changes would help protect sensitive data like PHI and PII, but it also requires careful consideration of each setting's potential impact.
This document discusses strategies for hardening Windows operating systems and applications. It provides resources and guidelines for securing Microsoft OSes using tools like the Microsoft Security Compliance Manager and the Center for Internet Security benchmarks. Specific recommendations are given for mitigating risks from Java, Adobe Reader, local administrator passwords, and enabling full disk encryption with BitLocker. Troubleshooting tips are also included for addressing issues that may arise from an OS hardening project.
The document provides biographies and background information on two cyber threat hunters, Teymur Kheirkhabarov and Sergey Soldatov. It then discusses the process of cyber threat hunting, including collecting log and system event data from endpoints, analyzing that data using tools like Yara and Cuckoo Sandbox, and manually investigating anomalies through iterative hypothesis testing to detect advanced threats. Examples are given of how threat hunters traced back the steps of an attacker who compromised a system by injecting code into the LSASS process and establishing persistence via a scheduled task. The document emphasizes that threat hunting requires both machine analysis of large datasets as well as human reasoning to uncover sophisticated threats that evade other security solutions.
Cryptography is the science of encrypting and decrypting data using mathematical concepts. It allows sensitive information to be stored or transmitted securely over insecure networks so that only the intended recipient can read it. The key concepts in cryptography include symmetric and asymmetric encryption algorithms, cryptosystems, cryptanalysis, cryptographic primitives like block ciphers and stream ciphers, and elements like keys, initialization vectors, and cryptographic services like confidentiality, integrity, authentication, and non-repudiation. Proper implementation with secure algorithms, large random keys, and protection of actual keys is important for cryptosystem strength.
This document discusses techniques for gaining access to a target system after performing footprinting and scanning. Techniques mentioned include password cracking, social engineering, and executing applications to gain access to the target system. The document also discusses various ways to strengthen password security so that passwords are hard to crack.
The document discusses communications and network security basics including telecommunications, protocols, network architectures, and the OSI model. It provides an overview of each layer of the OSI model and how data is encapsulated as it moves through the layers. Key concepts covered include TCP/IP, IPv4 and IPv6 addressing, tunneling methods, wired transmission types, cable types, and plenum cable requirements.
Information Security and Personal Data Protection, by Widy Widyawan
The UU PDP (Personal Data Protection Law) contains provisions that are reasonably adequate for protecting citizens' right to privacy. However, several aspects, such as ownership of personal data, limits on transfers between data controllers, and sanctions for violations by public bodies, still need to be clarified. Information system security also needs more attention in order to guarantee data privacy.
This document discusses administrative security controls and incident response management. It covers topics such as least privilege, separation of duties, privilege monitoring, forensic data collection and analysis, incident response phases including preparation, detection, response, and recovery, and continuity planning including backup strategies, fault tolerance, and disaster recovery processes. The goal of these controls and plans is to mitigate risks from both internal and external threats and ensure business continuity even during disruptive events.
The document discusses the history and development of CERTs in Indonesia and worldwide, as well as the functions and services provided by ID-CERT as Indonesia's cyber security incident response body.
CNIT 129S: 9: Attacking Data Stores (Part 1 of 2), by Sam Bowne
Slides for a college course based on "The Web Application Hacker's Handbook", 2nd Ed.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/129S/129S_F16.shtml
There are three main components of security assessment and testing: security tests, security assessments, and security audits. Security tests verify controls are functioning properly through automated and manual tests. Security assessments perform comprehensive reviews of systems and networks to identify risks and recommend mitigations. Security audits systematically evaluate controls to demonstrate effectiveness to third parties. Other topics covered include penetration testing, vulnerability assessments, code reviews, logging, and different testing methods.
The document provides an overview of Active Directory, including its components and how it is used to centrally manage users, computers, and other objects within a network. It discusses key Active Directory concepts such as forests, domains, organizational units, users, computers, and domain trusts. It also provides step-by-step instructions for setting up an Active Directory lab environment for red teaming purposes and integrating a client machine into the domain.
This document discusses recommendations for securing an Active Directory environment. It recommends a single forest single domain architecture by default, but acknowledges exceptions may exist. It introduces a tier model for access control and recommends restricting privilege escalation through measures like privileged access workstations and assessing AD security. It also recommends restricting lateral movement, implementing attack detection solutions, and preparing the organization through strategic planning and technical education.
This document discusses using Splunk queries on CloudTrail and GuardDuty data to hunt for threats across many AWS accounts. Some key points discussed are:
- Centralizing CloudTrail and GuardDuty data in a single account for querying
- Examples of queries to detect root logins, logins from unusual IP addresses, RDP brute force attacks, and other suspicious activity
- Using tools like Antiope to inventory resources and identify exposed resources across accounts
- Taking automated action on findings using tools like Demisto
This course covers the basic concepts of network security, including security aspects such as confidentiality, integrity, and availability of data. Students will learn network attack and defense techniques, as well as how to build a network defense system.
The document provides an overview of Windows event analysis for security investigation and auditing purposes. It discusses important event IDs related to logins, logouts, and object access, along with the key fields in these events that allow correlation of activities. Examples of event descriptions and search queries are also provided to help identify users, objects, and activities of interest during an investigation.
This document provides a summary of authentication techniques and common vulnerabilities. It discusses how over 90% of applications use usernames and passwords for authentication. More secure authentication methods like two-factor authentication are also described. The document outlines various authentication protocols like HTTP, SAML, and JWT. It then details common design flaws such as weak passwords, password change vulnerabilities, account recovery issues, and information leakage. Specific attacks like brute force, credential stuffing, and session hijacking are examined. The summary recommends approaches to secure authentication like strong credentials, hashing passwords, multi-factor authentication, and logging authentication events.
While it is quite common practice to do periodic security assessments of your local network, it is really rare to find a company that puts the same effort into testing the security of its cloud. We have to understand what new threats and risks have appeared with the cloud and how we should change our attitude to testing cloud security. The goal of my presentation is to show how a security assessment of cloud infrastructure differs from testing environments in a classic architecture. I'll demonstrate a hypothetical attack on a company which is fully deployed in the AWS environment. I'm going to show the whole kill chain, starting with cloud-applicable reconnaissance techniques. Then I'll attack the web application server hosted on an EC2 instance to access its metadata. Using the assigned role, I'll access another AWS EC2 instance to escalate privileges to administrator and then present how to hide fingerprints in the CloudTrail service. Finally, I'll demonstrate various techniques for silently exfiltrating data from the AWS environment and setting up persistent access, and describe other potential cloud-specific threats, e.g. cryptojacking or ransomware in the cloud. The presentation shows practical aspects of attacking cloud services, and each step of the kill chain will be presented in the form of an interactive, live demo. Using the presented attacks as examples, I'll show how to use the AWS exploitation framework Pacu and other handy scripts.
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
How to Hunt for Lateral Movement on Your Network, by Sqrrl
The document discusses threat hunting for lateral movement. It begins with an overview of lateral movement, describing it as techniques attackers use to access and control systems within a network. It then covers the lateral movement process, including initial compromise, reconnaissance, credential theft, and lateral movement events. The document demonstrates Sqrrl's lateral movement detectors, which use data science techniques like graph analysis and machine learning to detect lateral movement in network data. It discusses building a lateral movement detector by aligning it with TTPs, using classifiers to rank events, and implementing it at scale in Spark.
The document discusses wireless network and web application security, including WiFi hacking techniques, wireless encryption, and attacks against servers and web applications such as injection and XSS, along with how to prevent them.
This document provides an introduction to red team operations from the perspective of a penetration tester transitioning to become a red teamer. It discusses some of the key differences between penetration testing and red teaming such as scope, reconnaissance required, stealth, and infrastructure setup. The document outlines principles for red team operations including protecting infrastructure, logging everything, managing information, and avoiding detection. It also provides examples of tactics, techniques and procedures used in red team operations as well as considerations for tools like Cobalt Strike to help evade detection.
Active Directory is a directory service created by Microsoft that allows the management of users, groups, computers and other network resources. It uses a centralized database that contains information about these objects and authenticates users on the network. Administrators can use Active Directory to control permissions, security settings and other policies for all connected computers from a central location. It provides benefits like single sign-on, centralized management and automation of tasks. Active Directory requires a Windows server and networking infrastructure and planning is important for successful implementation and management of the directory service.
The document provides an overview of new features in Windows 7, organized into three sessions:
1) Security Features such as User Account Control changes, BitLocker, and AppLocker application control.
2) Networking Functionality like DirectAccess for remote access and BranchCache for caching content at branch offices.
3) Other Features including Libraries for file management, Problem Steps Recorder for troubleshooting, and interface improvements.
The document outlines features in Windows 7 related to security, networking, and interface improvements. It discusses changes to User Account Control, new security features like BitLocker and BitLocker To Go, and the new AppLocker application control tool. Networking features covered include DirectAccess for remote access without VPN, and BranchCache for caching content in branch offices. Interface enhancements summarized are pinning icons to the taskbar, taskbar previews, jumplists, and tiling windows.
UNIT 6-EXPLAINING THE ROLE OF THE NETWORK ADMINISTRATOR AND SUPPORT.pptx, by LeahRachael
The document discusses the role of the network administrator and support. It covers managing user accounts, including creating and configuring local and domain user accounts. It discusses setting properties for user accounts, such as personal properties, account properties, and logon options. It also covers best practices for managing user accounts, including renaming the administrator account and requiring new users to change their passwords. The document also provides an overview of uninterruptible power supplies (UPS) and how they can provide fault tolerance for network systems.
Prevention and Detection of Lateral Movement, by ColloqueRISQ
The document provides recommendations for preventing lateral movement on a Windows network without spending money. It recommends preventing local account access from the network using GPOs, protecting network communications with IPsec, and configuring AppLocker to prevent unauthorized applications. It also provides configuration steps for implementing Windows Event Forwarding to centrally monitor logs, using the firewall with IPsec rules, and adding an event collector subscription.
Windows Server 2008 includes several new security features to protect the operating system and applications. These include code integrity validation to prevent unauthorized code from loading, user access control to limit applications to standard user privileges, and network access protection to control network access based on the health status of client machines. The document also discusses improvements to application hardening, encryption technologies like BitLocker, and additional auditing capabilities in Windows Server 2008.
The document discusses Lumension Security Sanctuary Device Control software. It provides an overview of the software's capabilities including monitoring device usage, enforcing policies, logging and auditing access, encrypting removable devices, and deploying the software easily through various methods. The software aims to secure devices and media while still enabling workforce productivity.
This document provides an agenda for hardening Windows 2003 web servers. It covers various topics including physical security, OS installation, account policies, local policies, services configuration, user accounts, IP policies, permissions, hardening IIS, and additional hardening techniques. The goal is to create a secure environment and maintain security by configuring the OS, services, user accounts, permissions and IIS according to security best practices.
James Jara Portfolio 2014 - InfoSec White Paper - Part 5, by James Jara
The document provides a step-by-step guide for securing a company's IT architecture. It outlines creating a network and system administration policy, mapping out the company's IT elements, and then securing each element. Key steps include applying security through obscurity, hardening operating systems and services, updating software, and implementing monitoring, backups, and disaster recovery policies. Specific recommendations are given for securing SSH, Postfix, NFS, Apache, and PHP.
This document summarizes new security features in Windows 2008 R2 including service hardening, the Windows firewall, BitLocker encryption, DirectAccess, Active Directory Rights Management Services, read-only domain controllers, public key infrastructure enhancements, Remote Desktop Gateway, Network Access Protection, the Active Directory recycle bin, and managed service accounts. It provides overviews and benefits of each feature to improve the security, access controls, and manageability of a Windows 2008 R2 environment.
This session will explore Windows 7 core platform security improvements, securing anywhere access, data protection, and protecting desktop users. We will explain how Windows 7 features in each of these areas provide the foundation for secure and reliable platform. We will discuss User Account Control improvements, enhanced auditing, Network Access Protection (NAP), Firewall improvements, Applocker, Bitlocker and Bitlocker to go enhancements, Direct Access, Internet Explorer 8 security improvements, and EFS enhancements.
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
In this presentation from her webinar, renowned cybersecurity expert Paula Januszkiewicz delves into what a truly holistic vulnerability management program should look like. When all parts are correctly established and working together, organizations can dramatically dial down their risk exposure. This presentation covers:
- The key phases and activities of the vulnerability management lifecycle
- The tools you need for an effective vulnerability management program
- How to prioritize your VM needs
- How an effective VM program can help you measurably reduce risk and meet compliance objectives
You can watch the full webinar here: https://www.beyondtrust.com/resources/webinar/tips-remediate-vulnerability-management-program
This document provides instructions for a lesson on securing network devices. It discusses concepts like router hardening, secure administrative access, and network monitoring techniques. It also outlines objectives like configuring a secure network perimeter and demonstrating secure router administration access. Finally, it provides details on implementing security features like banners, SSH, privilege levels, role-based CLI access, resilient configuration, and password recovery procedures.
Firewall Analyzer is a tool that analyzes firewall logs to generate various reports. It discusses how Firewall Analyzer helps meet challenges by tracking URL activities, user bandwidth, securing networks, and performing audits. The document outlines how to install, configure and import logs into Firewall Analyzer. It describes the different types of reports that can be generated for traffic analysis, security analysis, and device management. It also discusses how to set up alarms and notifications. Questions from users are addressed at the end regarding issues like seeing traffic bytes, VPN user details, and required hard drive space.
New Features Lotus Domino Administration 8.5Rolf Kremer
The document discusses new features in IBM Lotus Domino Administration Release 8.5 including Domino Roaming, Domino Configuration Tuner, ID Vault, and DAOS. Domino Roaming allows files to be replicated across devices. The Domino Configuration Tuner evaluates server settings. ID Vault stores protected copies of user IDs. DAOS saves space by sharing identical file attachments across databases on the same server.
This document provides an overview of Windows authentication concepts including:
- Authentication verifies a user or object's identity while authorization determines what resources they can access.
- Accounts identify principals like users and services and are assigned to security groups which grant permissions.
- Logons authenticate users and applications, with interactive logons initiated by Winlogon and application logons for services.
- Authorization uses security tokens containing group memberships and privileges to determine resource access.
A Critical Analysis of Microsoft Data Protection SolutionsJohn Rhoton
This document provides an overview and analysis of three Microsoft data protection solutions: BitLocker Drive Encryption (BDE), Encrypting File System (EFS), and Rights Management Services (RMS). BDE encrypts the entire hard drive to protect data from offline attacks. EFS encrypts individual files and folders on a system or shared network drive. RMS allows users to control access to documents and emails through usage policies enforced by a server.
A meticulous presentation on Authorization, Encryption & Authentication of the security features in MySQL 8.0 by Vignesh Prabhu, Database reliability engineer, Mydbops.
SkypeShield - Securing Skype for BusinessYoav Crombie
The leading Skype for Business security solution treating external access security risks.
SkypeShield offers Two Factor Authentication, Device access control, Account lockout protection, Exchange Web Service protection, MDM binding, VPN, DLP , Ethical Wall and application Firewall.
Active Directory is a database that stores information about a network's users, computers, groups, and other network resources. It allows for centralized management of these resources.
A domain controller is a server that responds to authentication requests on the Windows domain. It authenticates users' credentials when they log into the domain network.
Lightweight Directory Access Protocol (LDAP) is an open standard protocol that Active Directory supports to make user and resource information widely accessible for management and querying across the network.
Chromium OS - User Accounts and ManagementPicker Weng
The Chromium OS device includes many configurations such as network, whitelist, bookmark, themes, and etc. We can simply distinguish these settings between system settings and user preference. In general, every user would like to have own configuration. This means user can define their theme, network configuration, and etc. But user’s data is always stored in the cloud server in the cloud-based device so that we have to sync these data down to device from web. For this reason, the Chromium OS device should know that which user is logging in to device, and then sync his data down to. Therefore, Google’s Chromium OS team develops some mechanism to manage user accounts and settings.
Similar to System Hardening Recommendations_FINAL (20)
Table of Contents
I. Windows 7 Workstation Hardening Recommendations
a. Account Policies
b. Local Policies
c. Windows Firewall
d. Network List Manager Policies
e. Public Key Policies
f. Software Restriction Policies
g. Application Control Policies
h. Advanced Audit Policy Configuration
II. Windows Server 2012 Hardening Recommendations
a. Additional Server Settings
b. Group Policy Object (GPO) Recommendations
III. Additional Hardening Recommendations
IV. Summary and Potential Impact
I. Windows 7 Workstation Recommendations – While many of these changes are minor, some recommendations are more impactful. Although some specifics are given, some areas include only brief explanations, and each setting should be carefully considered before it is implemented.
a. Account Policies
i. Password Policy – recommended security settings:
Enforce password history – 24 passwords remembered
Maximum password age – ≤ 60 days
Minimum password age – ≥ 1 day
Minimum password length – 8 characters
Passwords must meet complexity requirements – Enabled
Store passwords using reversible encryption – Disabled
ii. Account Lockout Policy – recommended security settings:
Account lockout duration – 1440 minutes
Account lockout threshold – <10 invalid login attempts
Reset account lockout counter after – 1440 minutes
b. Local Policies
i. Audit Policy – setting and recommendation:
Audit account logon events – Success, Failure
Audit account management – Success, Failure
Audit directory service access – Failure
Audit logon events – Success, Failure
Audit object access – Failure
Audit policy change – Success, Failure
Audit privilege use – Success, Failure
Audit process tracking – Failure
Audit system events – Success, Failure
ii. User Rights Assignment – These rights should be assigned by GPO to include users or administrators as applicable.
iii. Security Options
1. Accounts – setting and recommendation:
Accounts: Administrator account status – Disabled
Accounts: Guest account status – Disabled
Accounts: Limit local account use of blank passwords to console logon only – Enabled
Accounts: Rename administrator account – Recommended
Accounts: Rename guest account – Recommended
2. Audit – setting and recommendation:
Audit: Audit the access of global system objects – Disabled
Audit: Audit the use of Backup and Restore privilege – Disabled
Audit: Force audit policy subcategory settings – Not Defined
Audit: Shut down system immediately if unable to log security audits – Disabled
3. Devices – setting and recommendation:
Devices: Allow undock without having to log on – Enabled
Devices: Allowed to format and eject removable media – Administrators and Interactive Users
Devices: Prevent users from installing printer drivers – Enabled (disabled for laptops/mobile devices)
Devices: Restrict CD-ROM access to locally logged-on user only – Not Defined
Devices: Restrict floppy access to locally logged-on user only – Not Defined
4. Domain Member – setting and recommendation:
Domain member: Digitally encrypt or sign secure channel data (always) – Enabled
Domain member: Digitally encrypt secure channel data (when possible) – Enabled
Domain member: Digitally sign secure channel data (when possible) – Enabled
Domain member: Disable machine account password changes – Disabled
Domain member: Maximum machine account password age – 30 days
Domain member: Require strong (Windows 2000 or later) session key – Enabled
5. Interactive Logon – setting and recommendation:
Interactive Logon: Do not display last user name – Disabled
Interactive Logon: Display user information when the session is locked – Display Name Only
Interactive Logon: Do not require CTRL+ALT+DEL – Disabled
Interactive Logon: Message text for users attempting to log on – Undefined
Interactive Logon: Message title for users attempting to log on – Legal Notice
Interactive Logon: Number of previous logons to cache (in case domain controller is not available) – 10 or fewer
Interactive Logon: Prompt user to change password before expiration – 5 days or fewer
Interactive Logon: Require Domain Controller authentication to unlock workstation – Enabled (disabled for laptops/mobile devices)
Interactive Logon: Smart card removal behavior – Lock Workstation
6. Microsoft Network Client – setting and recommendation:
Microsoft network client: Digitally sign communications (always) – Disabled
Microsoft network client: Digitally sign communications (if server agrees) – Disabled
Microsoft network client: Send unencrypted password to third-party SMB servers – Disabled
7. Network Access – setting and recommendation:
Network access: Allow anonymous SID/Name translation – Disabled
Network access: Do not allow anonymous enumeration of SAM accounts – Enabled
Network access: Do not allow anonymous enumeration of SAM accounts and shares – Enabled
Network access: Do not allow storage of credentials or .NET Passports for network authentication – Enabled
Network access: Let Everyone permissions apply to anonymous users – Disabled
Network access: Named Pipes that can be accessed anonymously – Not Defined
Network access: Remotely accessible registry paths – Not Defined
Network access: Restrict anonymous access to Named Pipes and Shares – Enabled
Network access: Shares that can be accessed anonymously – Not Defined
Network access: Sharing and security model for local accounts – Classic: local users authenticate as themselves
8. Network Security – setting and recommendation:
Network security: Allow PKU2U authentication requests to this computer to use online identities – Disabled
Network security: Configure encryption types allowed for Kerberos – AES128, AES256, Future encryption types
Network security: Do not store LAN Manager hash value on next password change – Enabled
Network security: LAN Manager authentication level – Send NTLMv2 response only; refuse LM
Network security: LDAP client signing requirements – Negotiate signing
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients – Require message confidentiality, Require message integrity, Require NTLMv2 session security, Require 128-bit encryption
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers – Require message confidentiality, Require message integrity, Require NTLMv2 session security, Require 128-bit encryption
9. Recovery Console – setting and recommendation:
Recovery console: Allow automatic administrative logon – Disabled
Recovery console: Allow floppy copy and access to all drives and all folders – Disabled
10. Shutdown – setting and recommendation:
Shutdown: Allow system to be shut down without having to log on – Enabled
Shutdown: Clear virtual memory pagefile – Disabled
11. System Cryptography, System Objects, and User Account Control – setting and recommendation:
System cryptography: Force strong key protection for user keys stored on the computer – User must enter a password each time they use a key
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing – Enabled
System objects: Require case insensitivity for non-Windows subsystems – Enabled
System objects: Strengthen default permissions of internal system objects – Enabled
c. Windows Firewall
i. Windows Firewall – Local GPO profile settings and recommendation:
Domain Profile – Firewall State: ON; Inbound Connections: BLOCK; Outbound Connections: ALLOW
Private Profile – Firewall State: ON; Inbound Connections: BLOCK; Outbound Connections: ALLOW
Public Profile – Firewall State: ON; Inbound Connections: BLOCK; Outbound Connections: ALLOW
IPsec Settings – IPsec Defaults: CUSTOMIZE; Key Exchange (Main Mode): DEFAULT; Data Protection (Quick Mode): DEFAULT; Authentication Mode: Computer and User (Kerberos V5)
IPsec Exemption – Exempt ICMP from IPsec: NO
IPsec Tunnel Authorization – NONE
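The three profile settings above can be applied and checked with the built-in netsh advfirewall tool on Windows 7. The script below is an added example, not the document's own; it assumes an elevated session, treats -Apply as its own switch, expects netsh's English output (the setting names are localized on other system languages), and leaves the IPsec defaults untouched.

```powershell
# Added example, not the document's own script: apply the Windows Firewall
# profile settings recommended above with "netsh advfirewall", then read the
# live configuration back and verify it. Assumptions: run elevated; -Apply is
# this script's own switch; the parser expects netsh's English output.
param([switch]$Apply)

# Recommended values from the table above, spelled the way netsh reports them.
$expected = @{
    'State'           = 'ON'
    'Firewall Policy' = 'BlockInbound,AllowOutbound'
}
$profiles = 'Domain', 'Private', 'Public'

function Get-FirewallProfileSettings {
    # Parses "netsh advfirewall show allprofiles" into
    # @{ '<profile>' = @{ '<setting>' = '<value>' } }.
    $settings = @{}
    $current = $null
    foreach ($line in (netsh advfirewall show allprofiles)) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
            $settings[$current] = @{}
        } elseif ($current -and $line -match '^(\S.*?)\s{2,}(\S.*)$') {
            $settings[$current][$Matches[1]] = $Matches[2].Trim()
        }
    }
    return $settings
}

function Test-FirewallCompliance {
    # Prints one line per profile/setting and returns $true only when all match.
    $settings = Get-FirewallProfileSettings
    $compliant = $true
    foreach ($fwProfile in $profiles) {
        foreach ($key in $expected.Keys) {
            $actual = $settings[$fwProfile][$key]
            $pass = ($actual -eq $expected[$key])
            if (-not $pass) { $compliant = $false }
            $status = if ($pass) { 'PASS' } else { 'FAIL' }
            Write-Host ('{0,-4} {1,-8} {2,-16} expected={3,-28} actual={4}' -f $status, $fwProfile, $key, $expected[$key], $actual)
        }
    }
    return $compliant
}

if ($Apply) {
    # Same baseline for all three profiles: firewall on, unsolicited inbound
    # blocked, outbound allowed. Inbound services a given machine must offer
    # are then added as explicit allow rules on top of this default.
    # The policy value is quoted so PowerShell does not split it on the comma.
    netsh advfirewall set allprofiles state on | Out-Null
    netsh advfirewall set allprofiles firewallpolicy 'blockinbound,allowoutbound' | Out-Null
}

if (-not (Test-FirewallCompliance)) { exit 1 }
```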
d. Network List Manager Policies – network property and recommended setting:
Network Properties
Network Name (identifies a network) – Name: N/A; User Permissions: User Cannot Change Name
Network Icon (a graphic or logo that represents the company or network) – Icon: ICON; User Permissions: User Cannot Change Icon
Network Location (identifies the type of network that a computer is connected to and automatically sets the appropriate firewall setting for that location) – Location Type: Private/Public; User Permissions: User Cannot Change Location
Unidentified Networks (networks that cannot be identified due to a network issue or lack of identifiable characteristics)
Network Location (identifies the type of network that a computer is connected to and automatically sets the appropriate firewall setting for that location) – Location Type: Private/Public; User Permissions: User Cannot Change Location
Identifiable Networks (temporary state of networks that are in the process of being identified)
Network Location (identifies the type of network that a computer is connected to and automatically sets the firewall settings for that location) – Location Type: Private/Public
All Networks (all networks the user connects to)
User Permissions (control whether users can change the network name, location, or icon) – Network Name: User Cannot Change Name; Network Location: User Cannot Change Location; Network Icon: User Cannot Change Icon
e. Public Key Policies
i. Encrypting File System: Specific files/folders should be encrypted if necessary to protect sensitive data (e.g. PHI, IP). We recommend this setting be configured if sensitive/encrypted data will be saved in specific directories/folders on the machine. A Data Recovery Agent should be set, preferably to a local admin account.
ii. BitLocker Drive Encryption: As Verisk Health deals with sensitive data on a daily basis (e.g. PHI/PII), we recommend that some form of whole-disk encryption be used. In order to use BitLocker, a Data Recovery Agent must be set, preferably to a local admin account.
f. Software Restriction Policies: If needed and feasible, strict controls can be put in place to restrict the execution of specific file types. Since this is an advanced set of policies, it may be skipped as long as mitigating controls are in place, such as restricting the downloading and execution of software to local administrators only.
g. Application Control Policies
i. AppLocker:
AppLocker helps administrators control how users can access and use files, such as executable files, packaged apps, scripts, Windows Installer files, and DLLs.
RECOMMENDATION: Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. Assign a rule to a security group or an individual user. Create exceptions to rules. Use audit-only mode to deploy the policy and understand its impact before enforcing it. Import and export rules. Simplify creating and managing AppLocker rules by using AppLocker PowerShell cmdlets.
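The audit-only rollout and the PowerShell cmdlets the recommendation refers to fit together in one workflow: build publisher rules (with hash rules as the fallback for unsigned files) from a trusted reference installation, deploy them in AuditOnly mode, and review what the policy would have blocked before switching to enforcement. The script below is an added example, not the document's own; it assumes an elevated session on a Windows 7 edition that enforces AppLocker (Enterprise or Ultimate), and the reference directories and output path are the example's own choices.

```powershell
# Added example, not the document's own: build an AppLocker publisher/hash
# rule set from a reference installation, deploy it in audit-only mode, and
# review what would have been blocked. Assumptions: elevated session on
# Windows 7 Enterprise/Ultimate; $referenceDirs and $policyPath are this
# example's own choices; the AppLocker module ships with Windows.
Import-Module AppLocker

$referenceDirs = 'C:\Windows', 'C:\Program Files'   # trusted baseline (assumption)
$policyPath    = Join-Path $env:TEMP 'applocker-audit.xml'

# 1. Gather publisher/hash attributes for the file types the recommendation
#    lists. DLL rules add measurable load-time overhead, so keep them in
#    audit mode long enough to see the effect before enforcing.
$fileInfo = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Prefer publisher rules (survive version updates); fall back to hash rules
#    for unsigned files. -Optimize merges files from one publisher/product
#    into a single rule; -User Everyone is the scope the table recommends
#    narrowing per security group where needed.
$xml = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'Baseline' -Optimize -IgnoreMissingFileInformation -Xml

# 3. Switch every rule collection to audit-only so nothing is blocked yet;
#    New-AppLockerPolicy emits the collections as "NotConfigured".
[xml]$policy = $xml
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$policy.Save($policyPath)

# 4. Apply to the local policy (add -Ldap '<GPO path>' to target a domain GPO
#    instead) and make sure the Application Identity service, which AppLocker
#    depends on, is running and starts automatically.
Set-AppLockerPolicy -XmlPolicy $policyPath
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# 5. After a representative period, list what the policy would have blocked.
#    Event 8003 (EXE/DLL log) and 8006 (MSI/Script log) mean "allowed to run,
#    but would have been prevented if the policy were enforced".
function Get-AppLockerAuditHits {
    $logs = @{ 'Microsoft-Windows-AppLocker/EXE and DLL' = 8003
               'Microsoft-Windows-AppLocker/MSI and Script' = 8006 }
    foreach ($log in $logs.Keys) {
        Get-WinEvent -LogName $log -ErrorAction SilentlyContinue |
            Where-Object { $_.Id -eq $logs[$log] } |
            Select-Object TimeCreated, @{ n = 'User'; e = { $_.UserId } }, @{ n = 'Message'; e = { $_.Message } }
    }
}
Get-AppLockerAuditHits | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
```

Anything that shows up as an 8003/8006 hit is either a legitimate application that needs its own rule or software the policy is meant to stop; resolve each before changing the collections from AuditOnly to Enabled.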
ii. IP Security Policies: These require advanced configuration but should be used in cases where a system needs to communicate securely with another computer or with a group of computers (subnet).
h. Advanced Audit Policy
i. System Audit Policies – Local GPO System Audit Policy, with the recommended setting in parentheses after each subcategory:
Account Logon
Audit Credential Validation (Success, Failure): allows you to audit events generated by validation tests on user account logon credentials.
Audit Kerberos Authentication Service (Failure): allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests.
Audit Kerberos Service Ticket Operations (Failure): allows you to audit events generated by Kerberos authentication ticket-granting ticket (TGT) requests submitted for user accounts.
Audit Other Account Logon Events (Failure): allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
Account Management
Audit Application Group Management (Success, Failure): allows you to audit events generated by changes to application groups, such as an application group being created, changed, or deleted, or a member being added to or removed from an application group.
Audit Computer Account Management (Success, Failure): allows you to audit events generated by changes to computer accounts, such as when a computer account is created, changed, or deleted.
Audit Distribution Group Management (Failure): allows you to audit events generated by changes to distribution groups.
Audit Other Account Management Events (Success, Failure): allows you to audit events generated by other user account changes that are not covered in this category, such as: the password hash of a user account was accessed; the Password Policy Checking API was called; changes were made to the Default Domain Group Policy.
Audit Security Group Management (Success, Failure): allows you to audit events generated by changes to security groups, such as a security group being created, changed, or deleted, a member being added to or removed from a security group, or a group type being changed.
Audit User Account Management (Success, Failure): allows you to audit changes to user accounts.
Detailed Tracking
Audit DPAPI Activity (Success, Failure): allows you to audit events generated when encryption or decryption requests are made to the Data Protection application interface (DPAPI). DPAPI is used to protect secret information such as stored password and key information.
Audit Process Creation (Failure): allows you to audit events generated when a process is created or starts. The name of the application or user that created the process is also audited.
Audit Process Termination (Failure): allows you to audit events generated when a process ends.
Audit RPC Events (Success, Failure): allows you to audit inbound remote procedure call (RPC) connections.
DS Access
Audit Detailed Directory Service Replication (Workstation: No Auditing; Server: Failure): allows you to audit events generated by detailed Active Directory Domain Services (AD DS) replication between domain controllers.
Audit Directory Service Access (Workstation: No Auditing; Server: Failure): allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed.
Audit Directory Service Changes (Workstation: No Auditing; Server: Success, Failure): allows you to audit events generated by changes to objects in Active Directory Domain Services (AD DS). Events are logged when an object is created, deleted, modified, moved, or undeleted.
Audit Directory Service Replication (Workstation: No Auditing; Server: Failure): allows you to audit replication between two Active Directory Domain Services (AD DS) domain controllers.
Logon/Logoff
Audit Account Lockout (Success): allows you to audit events generated by a failed attempt to log on to an account that is locked out.
Audit User / Device Claims (Workstation: Failure; Server: Failure): allows you to audit user and device claims information in the user's logon token. Events in this subcategory are generated on the computer on which a logon session is created. For an interactive logon, the security audit event is generated on the computer that the user logged on to. For a network logon, such as accessing a shared folder on the network, the security audit event is generated on the computer hosting the resource.
Audit IPsec Extended Mode (No Auditing): allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.
Audit IPsec Main Mode (No Auditing): allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Main Mode negotiations.
Audit IPsec Quick Mode (No Auditing): allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Quick Mode negotiations.
Audit Logoff (Success): allows you to audit events generated by the closing of a logon session. These events occur on the computer that was accessed. For an interactive logoff, the security audit event is generated on the computer that the user account logged on to.
Audit Logon (Workstation: Success; Server: Success, Failure): allows you to audit events generated by user account logon attempts on the computer.
Audit Network Policy Server (Success, Failure): allows you to audit events generated by RADIUS (IAS) and Network Access Protection (NAP) user access requests. These requests can be Grant, Deny, Discard, Quarantine, Lock, and Unlock.
Audit Other Logon/Logoff Events (Success, Failure): allows you to audit other logon/logoff-related events that are not covered in the “Logon/Logoff” policy setting, such as: Terminal Services session disconnections; new Terminal Services sessions; locking and unlocking a workstation; invoking a screen saver; dismissal of a screen saver.
Audit Special Logon (Success, Failure): allows you to audit events generated by special logons, such as the use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level.
Object Access
Audit Application Generated (No Auditing): allows you to audit applications that generate events using the Windows Auditing application programming interfaces (APIs). Applications designed to use the Windows Auditing API use this subcategory to log auditing events related to their function.
Audit Certification Services (No Auditing): allows you to audit Active Directory Certificate Services (AD CS) operations.
Audit Detailed File Share (Success, Failure): allows you to audit attempts to access files and folders on a shared folder. The Detailed File Share setting logs an event every time a file or folder is accessed, whereas the File Share setting only records one event for any connection established between a client and file share. Detailed File Share audit events include detailed information about the permissions or other criteria used to grant or deny access.
Audit File Share (Success, Failure): allows you to audit attempts to access a shared folder. If you configure this policy setting, an audit event is generated when an attempt is made to access a shared folder. If this policy setting is defined, the administrator can specify whether to audit only successes, only failures, or both successes and failures.
Audit File System (Success, Failure): allows you to audit user attempts to access file system objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Write, Read, or Modify, and the account making the request match the settings in the SACL.
Audit Filtering Platform Connection (Success, Failure): allows you to audit connections that are allowed or blocked by the Windows Filtering Platform (WFP).
Audit Filtering Platform Packet Drop (Failure): allows you to audit packets that are dropped by the Windows Filtering Platform (WFP).
Audit Handle Manipulation (Success, Failure): allows you to audit events generated when a handle to an object is opened or closed. Only objects with a matching system access control list (SACL) generate security audit events.
Audit Kernel Object (Failure): allows you to audit attempts to access kernel objects, which include mutexes and semaphores. Only kernel objects with a matching system access control list (SACL) generate security audit events.
Audit Other Object Access Events (Failure): allows you to audit events generated by the management of task scheduler jobs or COM+ objects.
Audit Registry (Success, Failure): allows you to audit attempts to access registry objects. A security audit event is generated only for objects that have system access control lists (SACLs) specified, and only if the type of access requested, such as Read, Write, or Modify, and the account making the request match the settings in the SACL.
Audit Removable Storage (Success, Failure): allows you to audit user attempts to access file system objects on a removable storage device. A security audit event is generated for all objects and for all types of access requested.
Audit SAM (Success, Failure): allows you to audit events generated by attempts to access Security Accounts Manager (SAM) objects.
Policy Change
Audit Audit Policy Change (Success): allows you to audit changes in the security audit policy settings.
Audit Authentication Policy Change (Success): allows you to audit events generated by changes to the authentication policy.
Audit Authorization Policy Change (No Auditing): allows you to audit events generated by changes to the authorization policy.
Audit Filtering Platform Policy Change (Success): allows you to audit events generated by changes to the Windows Filtering Platform (WFP).
Audit MPSSVC Rule-Level Policy Change (No Auditing): allows you to audit events generated by changes in policy rules used by the Microsoft Protection Service (MPSSVC). This service is used by Windows Firewall.
Audit Other Policy Change Events (Success): allows you to audit events generated by other security policy changes that are not audited in the policy change category.
Privilege Use
Audit Non Sensitive Privilege Use (No Auditing): allows you to audit events generated by the use of non-sensitive privileges (user rights).
Audit Other Privilege Use Events (No Auditing)
Audit Sensitive Privilege Use (Success, Failure): allows you to audit events generated when sensitive privileges (user rights) are used.
System
Audit IPsec Driver (Success): allows you to audit events generated by the IPsec filter driver.
Audit Other System Events (Success, Failure): allows you to audit any of the following events: startup and shutdown of the Windows Firewall service and driver; security policy processing by the Windows Firewall service; cryptography key file and migration operations.
Audit Security State Change (Success): allows you to audit events generated by changes in the security state of the computer, such as: startup and shutdown of the computer; change of system time; recovering the system from CrashOnAuditFail, which is logged after a system restarts when the security event log is full and the CrashOnAuditFail registry entry is configured.
Audit Security System Change (Workstation: No Auditing; Server: Success, Failure): allows you to audit events related to security system extensions or services.
Audit System Integrity (Success, Failure): allows you to audit events that violate the integrity of the security subsystem.
* For more details on how these policies may affect end users, visit: http://technet.microsoft.com/en-us/library/cc875814.aspx
Global Object Access Auditing (the volume of events depends on the effective SACL and the level of user activity):
File System: allows you to apply a comprehensive object access audit policy to every file and folder on the file system for a computer. Configuring this setting also allows you to demonstrate that every file and folder on the computer is monitored by an audit policy that is managed from a central location. This setting applies a global system access control list (SACL) to every file and folder. If both a file or folder SACL and a global SACL are configured on a computer, the effective SACL is derived by combining the file or folder SACL and the global SACL. This means that an audit event is generated when an activity matches either the file or folder SACL or the global SACL.
Registry: allows you to apply a global object access audit policy to the registry for an entire computer. This policy setting allows you to demonstrate that every registry object on the computer is protected by an audit policy that is managed from a central location. This setting applies a global system access control list (SACL) to every registry object. If both a registry SACL and a global SACL are configured on a computer, the effective SACL is derived by combining the registry SACL and the global SACL. This means that an audit event is generated when an activity matches either the registry key SACL or the global SACL.
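The subcategory table above maps directly onto auditpol.exe, which can both set the values and report the effective policy for verification. The script below is an added example, not the document's own; it assumes an elevated session, treats -Apply and -Server as its own switches, uses auditpol's English subcategory names (which omit the "Audit " prefix the table uses), and leaves out subcategories that only exist on Windows 8/2012 and later so that it runs on Windows 7.

```powershell
# Added example, not the document's own script: apply the System Audit Policy
# recommendations above with the built-in auditpol.exe and read the effective
# policy back for verification. Assumptions: run elevated; -Apply and -Server
# are this script's own switches; subcategory names are auditpol's English
# names, which omit the "Audit " prefix used in the table.
param([switch]$Apply, [switch]$Server)
$role = if ($Server) { 'Server' } else { 'Workstation' }

# Subcategory -> recommended setting; rows that differ by role carry both values.
# Subcategories that only exist on Windows 8/2012 or later (e.g. Removable
# Storage, User/Device Claims) are left out so the script runs on Windows 7.
$recommended = @{
    'Credential Validation'              = 'Success,Failure'
    'Kerberos Authentication Service'    = 'Failure'
    'Kerberos Service Ticket Operations' = 'Failure'
    'Other Account Logon Events'         = 'Failure'
    'Application Group Management'       = 'Success,Failure'
    'Computer Account Management'        = 'Success,Failure'
    'Distribution Group Management'      = 'Failure'
    'Other Account Management Events'    = 'Success,Failure'
    'Security Group Management'          = 'Success,Failure'
    'User Account Management'            = 'Success,Failure'
    'DPAPI Activity'                     = 'Success,Failure'
    'Process Creation'                   = 'Failure'
    'Process Termination'                = 'Failure'
    'RPC Events'                         = 'Success,Failure'
    'Directory Service Access'           = @{ Workstation = 'No Auditing'; Server = 'Failure' }
    'Directory Service Changes'          = @{ Workstation = 'No Auditing'; Server = 'Success,Failure' }
    'Account Lockout'                    = 'Success'
    'Logoff'                             = 'Success'
    'Logon'                              = @{ Workstation = 'Success'; Server = 'Success,Failure' }
    'Network Policy Server'              = 'Success,Failure'
    'Other Logon/Logoff Events'          = 'Success,Failure'
    'Special Logon'                      = 'Success,Failure'
    'Detailed File Share'                = 'Success,Failure'
    'File Share'                         = 'Success,Failure'
    'File System'                        = 'Success,Failure'
    'Filtering Platform Packet Drop'     = 'Failure'
    'Registry'                           = 'Success,Failure'
    'SAM'                                = 'Success,Failure'
    'Audit Policy Change'                = 'Success'
    'Authentication Policy Change'       = 'Success'
    'Sensitive Privilege Use'            = 'Success,Failure'
    'Security State Change'              = 'Success'
    'System Integrity'                   = 'Success,Failure'
}

function Resolve-Setting($Value) {
    # Picks the Workstation or Server value for rows that differ by role.
    if ($Value -is [hashtable]) { $Value[$role] } else { $Value }
}

function Set-AuditSubcategory([string]$Name, [string]$Setting) {
    # "No Auditing" disables both halves; otherwise enable the named ones.
    $success = if ($Setting -match 'Success') { 'enable' } else { 'disable' }
    $failure = if ($Setting -match 'Failure') { 'enable' } else { 'disable' }
    auditpol /set /subcategory:"$Name" /success:$success /failure:$failure | Out-Null
}

function Get-EffectiveAuditPolicy {
    # auditpol's /r switch emits CSV; "Inclusion Setting" holds the effective
    # value: "Success and Failure", "Success", "Failure" or "No Auditing".
    $table = @{}
    $rows = auditpol /get /category:* /r | Where-Object { $_ -ne '' } | ConvertFrom-Csv
    foreach ($row in $rows) { $table[$row.Subcategory] = $row.'Inclusion Setting' }
    return $table
}

if ($Apply) {
    foreach ($name in $recommended.Keys) {
        Set-AuditSubcategory -Name $name -Setting (Resolve-Setting $recommended[$name])
    }
}

$effective = Get-EffectiveAuditPolicy
$mismatches = 0
foreach ($name in ($recommended.Keys | Sort-Object)) {
    $want = (Resolve-Setting $recommended[$name]) -replace 'Success,Failure', 'Success and Failure'
    $have = $effective[$name]
    $pass = ($have -eq $want)
    if (-not $pass) { $mismatches++ }
    $status = if ($pass) { 'PASS' } else { 'FAIL' }
    Write-Host ('{0} {1,-36} recommended={2,-20} effective={3}' -f $status, $name, $want, $have)
}
Write-Host "$mismatches subcategories differ from the $role recommendation."
```

If the legacy Local Policies > Audit Policy categories (section b.i above) are also configured, enable "Audit: Force audit policy subcategory settings" so that these subcategory values, not the category values, are the ones that take effect.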
II. Windows Server 2012 Hardening Recommendations
a. Additional Server Settings – In addition to the standard system build guidelines above, servers should use the following:
i. Firewall configuration – host-based software firewalls such as Windows Firewall will have to be configured based on the purpose of the server. There should be standard rules/Access Control Listings (ACL’s) for each type of server (i.e. database, web server)
ii. Services – depending on the purpose/use of the server, specific services should be disabled. This will provide defense-in-depth and lessen the computing load.
iii. Add/Remove Roles & Features – only enable the relevant roles and features.
b. Group Policy Object (GPO) Recommendations
i. Rename the Local Administrator Account
ii. Disable the Guest Account
iii. Disable LM and NTLM v1
iv. Disable LM hash storage
v. Set minimum password length
vi. Set maximum password age
vii. Enable event logs
viii. Disable anonymous SID enumeration
ix. Disallow the anonymous account from residing in the everyone group
x. Enable User Account Control
III. Additional Recommendations – In addition to the specific configurations mentioned above, we would recommend considering the following:
a. Workstations:
i. Use GPO’s – to simplify implementing security policies, use Group Policy Objects, particularly for settings like password complexity.
ii. Have a workstation list – include assigned user, service tag, etc.
iii. Force encryption – particularly for mobile devices (e.g. tablets/laptops), this is a must.
iv. Configure BIOS – set to boot from local hard drive only and set a BIOS password.
v. Disable USB ports on any systems that will access sensitive data.
vi. Install and utilize performance tools:
1. Stand-alone optimization tool (CCleaner, Registry Editor, etc.)
a. Registry cleaning
b. Malware scanning
c. Cleans up temp files
2. Disk Defragmentation
a. Consolidates fragmented files improving overall performance and system function
b. Servers:
i. Use Static IP addresses – this makes terminal/remote services, web/application servers, etc. much easier to access and manage
ii. Create a detailed server list – this should include server name, IP, purpose, service tag, OS and responsible party.
iii. Centralize security – before being fully deployed, verify that servers have been appropriately patched and have been added to centralized anti-malware and vulnerability scanning consoles.
iv. UPS and power-saving – critical servers should have power back-ups to ensure availability directly after an outage until the generator restores long-term power.
v. Reset defaults – rename the default local admin accounts and reset the passwords
vi. Backups/Restores – no production data should ever get onto a server without being backed up. Data restoration should be tested.
IV. Summary and Potential Impact
Each of these points and their potential impact should be carefully considered for implementation on some or all of Verisk Health’s workstation builds to eliminate or mitigate attacks or other security risks and keep Verisk Health in compliance with security standards. If Verisk Health were to implement all changes, it would be able to bring workstations to 86% and servers to 93% compliance with the corresponding CIS-CAT benchmarks.