Operating System Audit Checklist (21 pages)

Uploaded by: 20****08  Document ID: 57783737  Upload date: 2022-02-24  Format: DOC  Pages: 21  Size: 77.50 KB

Operating System Audit Checklist: WINDOWS sp sp3 security audit

Audited department:
Auditor:
Audit date: 2013-12-21
Accompanying personnel:

Columns: No. | Audit item | Audit steps/method | Audit result | Supplementary notes | Improvement recommendation

1. Patch installation status
Audit steps/method: 1 security updates are missing.
Audit result: 113 security updates are missing. 4 service packs or update rollups are missing.
Supplementary notes: No updates have been applied.
Improvement recommendation: Configure automatic updates.

2. Main account policy review
Audit steps/method: Minimum password length of 8 characters; maximum password age of 90 days.
Audit result: 0
Supplementary notes: No password policy is set.
Improvement recommendation: Set a password policy: set the minimum password length to 8 and the maximum password age to 90.

3. Audit policy
Audit steps/method:
  Audit all account logon events
  Audit all account management events
  Audit all logon events
  Audit failed object access
  Audit policy change events
  Audit failed privilege use events
  Audit all system events
Audit result: Not reviewed
Supplementary notes: Not configured
Improvement recommendation: Configure the audit policy security settings.

4. Account policy
Audit steps/method:
  Minimum password age: 1 day
  Maximum password age: 90 days
  Minimum password length: 8 characters
  Password complexity: Enabled
  Password history: 24 Passwords Remembered
  Store passwords using reversible encryption: Disabled
Audit result:
  Minimum password age: 0 days
  Maximum password age: 0 days
  Minimum password length: 0 characters
  Password complexity: Disabled
  Password history: 0 Passwords Remembered
  Store passwords using reversible encryption: Disabled
Supplementary notes: No account policy is set.
Improvement recommendation: Configure the account policy as required.

5. Account lockout policy
Audit steps/method:
  Account lockout duration: 15 Minutes (minimum)
  Account lockout threshold: 3 failed logons
  Reset account lockout counter after: 15 Minutes (minimum)
Audit result:
  Account lockout duration: Not applicable
  Account lockout threshold: 0 failed logons
  Reset account lockout counter after: Not applicable
Supplementary notes: No account lockout policy is configured.
Improvement recommendation: Configure the security settings.

6. Event log audit
Audit steps/method: For the System, Security and Application logs, audit the following items:
  Maximum log size: 80 Mb (minimum)
  Restrict GUEST account access to the logs: Enabled
  Log retention method: "Overwrite events as needed"
Audit result:
  Maximum log size: 512kb (minimum)
  Restrict GUEST account access to the logs: Enabled
  Log retention method: Overwrite events older than 7 days
Improvement recommendation: Configure Event Viewer as required.

7. Main security settings audit
Audit steps/method: Deny access to external anonymous users.
Audit result: Guest

8. Security options
Audit steps/method:
  Allow system to be shut down without having to log on: Disabled
  Allowed to format and eject removable media: Administrators
  Amount of Idle Time Required Before Disconnecting Session: 30 Minutes (maximum)
  Force logoff when logon hours expire: Enabled
  Clear virtual memory pagefile when system shuts down: Enabled
  Digitally sign client communication (when possible): Enabled
  Digitally sign server communication (when possible): Enabled
  Do not require CTRL+ALT+Delete for logon: Disabled
  Do not display last user name: Enabled
  LAN Manager Authentication level: "Send NTLMv2 response only" (minimum)
  Message text for users attempting to log on: Custom Message or "This system is for the use of authorized users only."
  Message title for users attempting to log on: "Warning:" or custom title.
  Number of previous logons to cache: 0
  Prevent users from installing printer drivers: Enabled
  Prompt user to change password before expiration: 14 Days (minimum)
  Recovery Console (allow automatic administrative logon): Disabled
  Recovery Console (allow floppy copy and access to all drives and folders): Disabled
  Rename administrator account: any name other than Administrator
  Rename Guest account: any name other than GUEST
  Restrict floppy access to locally logged-on users only: Enabled
  Digitally encrypt secure channel data (when possible): Enabled
  Digitally sign secure channel data (when possible): Enabled
  Send unencrypted password to connect to third-party SMB servers: Disabled
  Smart card removal behavior: "Lock Workstation"
  3.2.1.36 Strengthen Default Permissions of Global System Objects (e.g. Symbolic Links): Enabled
  Unsigned driver installation behavior: "Warn, but allow installation" or "Do not allow installation".
Audit result:
  Allow system to be shut down without having to log on: Enabled
  Allowed to format and eject removable media: Administrators
  Amount of Idle Time Required Before Disconnecting Session: 15 Minutes (maximum)
  Force logoff when logon hours expire: Disabled
  Clear virtual memory pagefile when system shuts down: Disabled
  Digitally sign client communication (when possible): Disabled
  Digitally sign server communication (when possible): Disabled
  Do not require CTRL+ALT+Delete for logon: Not defined
  Do not display last user name: Disabled
  LAN Manager Authentication level: Send LM & NTLM
  Message text for users attempting to log on: None
  Message title for users attempting to log on: Not defined
  Number of previous logons to cache: 10
  Prevent users from installing printer drivers: Disabled
  Prompt user to change password before expiration: 14 Days (minimum)
  Recovery Console (allow automatic administrative logon): Disabled
  Recovery Console (allow floppy copy and access to all drives and folders): Disabled
  Rename administrator account: any name other than Administrator
  Rename Guest account: any name other than GUEST
  Restrict floppy access to locally logged-on users only: Disabled
  Digitally encrypt secure channel data (when possible): Enabled
  Digitally sign secure channel data (when possible): Enabled
  Send unencrypted password to connect to third-party SMB servers: Disabled
  Smart card removal behavior: "Lock Workstation"
  3.2.1.36 Strengthen Default Permissions of Global System Objects (e.g. Symbolic Links): Enabled
  Unsigned driver installation behavior: "Warn, but allow installation" or "Do not allow installation".
Supplementary notes: Configuration is incomplete.
Improvement recommendation: Configure the security options as required.

9. Registry security settings audit

10. Service audit
Audit steps/method:
  Alerter: Disabled
  Clipbook: Disabled
  Computer Browser: Disabled
  Fax Service: Disabled
  FTP Publishing Service: Disabled (Warning: this will disable the FTP service)
  IIS Admin Service: Disabled (Warning: This will disable Internet Information Services!)
  Internet Connection Sharing: Disabled
  Messenger: Disabled
  NetMeeting Remote Desktop Sharing: Disabled
  Remote Registry Service: Disabled
  Routing and Remote Access: Disabled
  Simple Mail Transfer Protocol (SMTP): Disabled (Warning: this disables the SMTP service on IIS Servers.)
  Simple Network Management Protocol (SNMP) Service: Disabled
  Simple Network Management Protocol (SNMP) Trap: Disabled
  Telnet: Disabled
  World Wide Web Publishing Services: Disabled (Warning: this will disable Internet Information Services!)
  Automatic Updates: Not Defined
  Background Intelligent Transfer Service: Not Defined
Audit result: Not audited (entered 12 times in the result column)

11. User rights audit
Audit steps/method:
  Access this computer from the network: Users, Administrators (or none)
  4.2.2 Act as part of the operating system: None
  Add workstations to domain: Not applicable
  Back up files and directories: Administrators
  4.2.5 Bypass traverse checking: Users
  Change the system time: Administrators
  Create a pagefile: Administrators
  Create global objects: None
  Create permanent shared objects: None
  Debug programs: None
  Deny access to this computer from the network: Guests
  Deny logon as a batch job: None by default (others allowable as appropriate) Not Defined
  Deny logon as a service: None by default (others allowable as appropriate) Not Defined
  Deny logon locally: None by default (others allowable as appropriate) Not Defined
  Force shutdown from a remote system: Administrators
  Manage and audit the security log: None
  Increase memory quotas: Administrators
  Increase scheduling priority: Administrators
  Load and unload device drivers: Administrators
  Lock pages in memory: None
  Log on as a batch job: None ("Not Defined")
  Log on as a service: None ("Not Defined")
  Log on locally: Administrators (other specific users allowable)
  Manage auditing and security log: Administrators
  Modify firewall environment options: Administrators
  Profile single process: Administrators
  Profile system performance: Administrators
  Remove computer from docking station: Administrators
  Replace a process-level token: None
  Restore files and directories: Administrators
  Shut down the system: Administrators
  Synchronize directory service data: Not Applicable
  Take ownership of files and other objects: Administrators
Audit result (values in the order recorded; the row alignment is not preserved):
  Administrators, BackupOperators, Everyone, PowerUsers, Users
  Administrators, Backup Operators
  Administrators, PowerUsers
  Administrators
  Administrators, INTERACTIVE, SERVICE
  Guest
  Guest
  Administrators
  Administrators
  Administrators
  AdministratorEETWORK SERVICE
  Administrators
  Administrators, Power Users
  Administrators
  Administrators, Power Users, Users
  LOCAL SERVICE, NETWORK SERVICE
  Administrators, Backup Operators
  Administrators, Backup Operators, Power Users, Users
  Administrators

12. Other system requirements
Audit steps/method: Ensure that disk volumes use the NTFS file system.
Audit result: Yes, NTFS
Improvement recommendation: Use of the NTFS file system is recommended.

13. File permissions
Audit steps/method:
  %SystemDrive% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemDrive%\autoexec.bat - Administrators: Full; System: Full
  %SystemDrive%\boot.ini - Administrators: Full; System: Full
  %SystemDrive%\config.sys - Administrators: Full; System: Full
  %SystemDrive%\io.sys - Administrators: Full; System: Full
  %SystemDrive%\msdos.sys - Administrators: Full; System: Full
  %SystemDrive%\ntbootdd.sys - Administrators: Full; System: Full
  %SystemDrive% - Administrators: Full; System: Full
  %SystemDrive%\ntldr - Administrators: Full; System: Full
  %SystemDrive%\Documents and Settings - Administrators: Full; System: Full; Users: Read and Execute, List
  %SystemDrive%\Documents and Settings\Administrator - Administrators: Full; System: Full
  %SystemDrive%\Documents and Settings\All Users - Administrators: Full; System: Full; Users: Read and Execute, List
  %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Read Extended Attributes, Read Permissions (This folder, subfolders, and files); Users: Traverse Folder/Execute Files, Create Files/Write Data, Create Folder/Append Data (Subfolders and files only)
  %SystemDrive%\Documents and Settings\Default User - Administrators: Full; System: Full; Users: Read and Execute, List
  %SystemDrive%\System Volume Information - (Do not allow permissions on this folder to be replaced)
  %SystemDrive%\Temp - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/Execute Files, Create Files/Write Data, Create Folders/Append Data
  %ProgramFiles% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemDrive%\Program Files\Resource Kit - Administrators: Full; System: Full
  %SystemRoot% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemRoot%\$NtServicePackUninstall$ - Administrators: Full; System: Full
  %SystemRoot%\CSC - Administrators: Full; System: Full
  %SystemRoot%\Debug - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemRoot%\Debug\UserMode - Administrators: Full; System: Full; Users: Traverse Folder/Execute File, List folder/Read data, Create files/Write data (This folder, only); Create files/Write data, Create folders/Append data (Files only)
  %SystemRoot%\Offline Web Pages - (Do not allow permissions on this key to be replaced)
  %SystemRoot%\Registration - Administrators: Full; System: Full; Users: Read
  %SystemRoot%\repair - Administrators: Full; System: Full
  %SystemRoot%\security - Administrators: Full; System: Full; Creator Owner: Full
  %SystemRoot%\system32 - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemRoot%\system32\at.exe - Administrators: Full; System: Full
  4.4.1.30 %SystemRoot%\system32\Ntbackup.exe - Administrators: Full; System: Full
  4.4.1.31 %SystemRoot%\system32\rcp.exe - Administrators: Full; System: Full
  4.4.1.32 %SystemRoot%\regedit.exe - Administrators: Full; System: Full
  %SystemRoot%\system32\regedt32.exe - Administrators: Full; System: Full
  %SystemRoot%\system32\rexec.exe - Administrators: Full; System: Full
  %SystemRoot%\system32\rsh.exe - Administrators: Full; System: Full
  %SystemRoot%\system32\secedit.exe - Administrators: Full; System: Full
  %SystemRoot%\system32\appmgmt - Administrators: Full; System: Full; Users: Read and Execute, List
  %SystemRoot%\config - Administrators: Full; System: Full
  %SystemRoot%\system32\dllcache - Administrators: Full; System: Full; Creator Owner: Full
  %SystemRoot%\system32\DTCLog - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
  %SystemRoot%\system32\GroupPolicy - Administrators: Full; System: Full; Authenticated Users: Read and Execute, List
  %SystemRoot%\system32\ias - Administrators: Full; System: Full; Creator Owner: Full
  [The Center for Internet Security, Windows 2000 Server - Level 2 Benchmark for Stand-Alone and Domain-Member Servers, Page 18 of 56]
  %SystemRoot%\system32\NTMSData - Administrators: Full; System: Full
  %SystemRoot%\system32\reinstallbackups - Administrators: Full; System: Full; Creator Owner: Full
  %SystemRoot%\system32\Setup - Administrators: Full; System: Full; Users: Read and Execute, List
  %SystemRoot%\system32\spool\printers - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folder, Execute File, Read, Read Extended Attributes, Create folders, Append Data
  %SystemRoot%\Tasks - (Do not allow permissions on this key to be replaced)
  %SystemRoot%\Temp - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/Execute Files, Create Files/Write Data, Create Folders/Append Data
Audit result:
  %SystemDrive%\ntbootdd.sys: default
  %SystemDrive%\Documents and Settings\All Users\Documents\DrWatson: default
  %SystemDrive%\Temp: default
  %SystemDrive%\Program Files\Resource Kit: default
  %SystemRoot%\$NtServicePackUninstall$: default
  %SystemRoot%\CSC: default
  %SystemRoot%\system32\Ntbackup.exe: default
  %SystemRoot%\system32\secedit.exe: cannot open file
  %SystemRoot%\system32\DTCLog: default
  %SystemRoot%\system32\NTMSData: default
Improvement recommendation: Set the file permissions according to the audit method.

14. File and registry auditing
Audit steps/method:
  %SystemDrive% - Everyone: Failures (this folder, propagate inheritable permissions to all subfolders and files)
  HKLM\Software - Everyone: Failures (this key, propagate inheritable permission to all subkeys)
  HKLM\System - Everyone: Failures (this key, propagate inheritable permission to all subkeys)
Audit result:
  %SystemDrive%: Everyone: Success
  HKLM\Software: Everyone: Success
  HKLM\System: Everyone: Success

15. Registry permissions
Audit steps/method:
  HKLM\Software\Classes - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKLM\Software - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKLM\Software\Microsoft\NetDDE - Administrators: Full; System: Full
  HKLM\Software\Microsoft\OS/2 Subsystem for NT - Administrators: Full; System: Full; Creator Owner: Full
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands - Administrators: Full; System: Full; Creator Owner: Full; Users: Read; Backup Operators: Query Value, Set Value, Create Subkey, Enumerate Subkeys, Notify, Delete, Read (this key and subkeys)
  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib - Administrators: Full; System: Full; Creator Owner: Full; Interactive: Read (this key and subkeys)
  HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy - Administrators: Full; System: Full; Authenticated Users: Read
  HKLM\Software\Microsoft\Windows\CurrentVersion\Installer - Administrators: Full; System: Full; Users: Read
  HKLM\Software\Microsoft\Windows\CurrentVersion\Policies - Administrators: Full; System: Full; Authenticated Users: Read
  HKLM\System - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKLM\System\Clone - Allow inheritable permissions to propagate to this object
  HKLM\System\ControlSet001 - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKLM\System\ControlSet00x - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
    * Apply these permissions to all control sets other than CurrentControlSet.
  HKLM\System\CurrentControlSet\Control\SecurePipeServers\WinReg - Administrators: Full; System: Full; Backup Operators: Query Value, Enumerate Subkeys, Notify, Read Permissions (this key only)
  HKLM\System\CurrentControlSet\Control\WMI\Security - Administrators: Full; System: Full; Creator Owner: Full (this key and subkeys)
  HKLM\System\CurrentControlSet\Enum - Administrators: Read; System: Full; Authenticated Users: Read (Do not allow permissions on this key to be replaced)
  HKLM\System\CurrentControlSet\Hardware Profiles - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKLM\System\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers - Administrators: Full; System: Full; Creator Owner: Full
  HKLM\System\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities - Administrators: Full; System: Full; Creator Owner: Full
  HKU\.Default - Administrators: Full; System: Full; Creator Owner: Full; Users: Read
  HKU\.Default\Software\Microsoft\NetDDE - Administrators: Full; System: Full
  HKU\.Default\Software\Microsoft\Protected Storage System Provider - No entries
Audit result (values in the order recorded; the row alignment is not preserved):
  Not met: Creator Owner: default
  Not met: Creator Owner: default
  Met?
  Not met: Creator Owner: default
  Not met: Creator Owner: default
  Met
  Met
  Met
  Not met: Creator Owner: default
  This entry is default
  Met
  This entry is default
  Not met: no System entry
  Met
  Met
  Met
  This entry is default
  This entry is default
  Met
  Met
  Met
Improvement recommendation: Set the permissions for administrative access to the registry to the highest level; other users should not have permission to access or modify the registry.
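The account policy and account lockout requirements in items 4 and 5 can be checked mechanically instead of being read off the policy editor by hand. The sketch below is an added example, not part of the original checklist: it compares the [System Access] section of a `secedit /export` policy file with those thresholds. It assumes the export has already been decoded to text and that the checklist's one-day minimum refers to minimum password age; `audit_system_access` and the sample export are constructed for illustration.

```python
import configparser

# Thresholds from checklist items 4 and 5. Key names are the ones secedit
# writes to the [System Access] section of an exported policy.
BASELINE = {
    "MinimumPasswordAge":    ("at least 1 day",        lambda v: v >= 1),
    "MaximumPasswordAge":    ("1 to 90 days",          lambda v: 1 <= v <= 90),
    "MinimumPasswordLength": ("at least 8 characters", lambda v: v >= 8),
    "PasswordComplexity":    ("enabled (1)",           lambda v: v == 1),
    "PasswordHistorySize":   ("at least 24 passwords", lambda v: v >= 24),
    "ClearTextPassword":     ("disabled (0)",          lambda v: v == 0),
    "LockoutBadCount":       ("1 to 3 failed logons",  lambda v: 1 <= v <= 3),
    "LockoutDuration":       ("15+ minutes, or -1 (admin unlock)", lambda v: v >= 15 or v == -1),
    "ResetLockoutCount":     ("at least 15 minutes",   lambda v: v >= 15),
}

# Constructed sample mirroring the audit results in the checklist (no password
# or lockout policy set); -1 is how an export records "never expires".
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 0
PasswordComplexity = 0
PasswordHistorySize = 0
LockoutBadCount = 0
ClearTextPassword = 0
"""

def audit_system_access(inf_text):
    """Return {setting: (actual, required, passed)} for an exported policy."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep the key case used in the INF file
    parser.read_string(inf_text)
    section = parser["System Access"] if parser.has_section("System Access") else {}
    findings = {}
    for key, (required, check) in BASELINE.items():
        raw = section.get(key)
        actual = int(raw) if raw is not None else None
        # A key missing from the export means "not defined": report a finding.
        findings[key] = (actual, required, actual is not None and check(actual))
    return findings

if __name__ == "__main__":
    for key, (actual, required, ok) in audit_system_access(SAMPLE_EXPORT).items():
        shown = "not defined" if actual is None else actual
        print(f"{'PASS' if ok else 'FAIL'}  {key}: {shown} (required: {required})")
```

With the lockout threshold at 0, the sample export carries no LockoutDuration or ResetLockoutCount keys, so both are reported as not defined, matching the "Not applicable" entries in item 5.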
