Operating System Security Assessment Checklist - Windows.docx
- Document ID: 6988882
- Uploaded: 2023-01-15
- Format: DOCX
- Pages: 16
- Size: 18.64KB
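Operating System Security Assessment Checklist - Windows
Operating System Audit Checklist
Windows Security Audit
Department audited
Auditor
Audit date
Accompanying personnel
No. | Audit item | Audit steps / method | Audit result | Supplementary notes | Recommended improvements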
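1. Patch installation status
2. Review of key account policies
Minimum password length of 8 characters; maximum password age of 90 days
3. Audit policy
Audit all account logon events
Audit all account management events
Audit all logon events
Audit failed object access
Audit policy change events
Audit failed privilege use events
Audit all system events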
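4. Account policy
Minimum password age: 1 day
Maximum password age: 90 days
Minimum password length: 8 characters
Password complexity: Enabled
Password history: 24 passwords remembered
Store passwords using reversible encryption: Disabled
5. Account lockout policy
Account lockout duration: 15 minutes (minimum)
Account lockout threshold: 3 failed logon attempts
Reset lockout counter after: 15 minutes (minimum)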
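Added example (not part of the original checklist): items 3 to 5 can be checked offline against a policy file exported with `secedit /export /cfg`. The sample export below is constructed, and two readings are assumptions: "audit all" is taken to mean success and failure, and a lockout duration of -1 (locked until an administrator unlocks) is accepted as meeting the 15-minute minimum.

```python
import configparser
# Constructed sample of `secedit /export /cfg` output; real exports are UTF-16.
SAMPLE_INF = """[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 90
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 5
ResetLockoutCount = 15
LockoutDuration = 15
ClearTextPassword = 0
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 3
AuditObjectAccess = 2
AuditPrivilegeUse = 0
AuditPolicyChange = 3
AuditAccountManage = 3
AuditAccountLogon = 1
"""

SA, EA = "System Access", "Event Audit"
# (section, key, predicate, requirement); Event Audit: 1=success, 2=failure, 3=both
CHECKS = [
    (SA, "MinimumPasswordAge", lambda v: v >= 1, "minimum password age 1 day"),
    (SA, "MaximumPasswordAge", lambda v: 1 <= v <= 90, "maximum password age 90 days"),
    (SA, "MinimumPasswordLength", lambda v: v >= 8, "minimum length 8 characters"),
    (SA, "PasswordComplexity", lambda v: v == 1, "complexity Enabled"),
    (SA, "PasswordHistorySize", lambda v: v >= 24, "24 passwords remembered"),
    (SA, "ClearTextPassword", lambda v: v == 0, "reversible encryption Disabled"),
    (SA, "LockoutBadCount", lambda v: 1 <= v <= 3, "lock out after 3 failed logons"),
    (SA, "LockoutDuration", lambda v: v == -1 or v >= 15, "lockout duration >= 15 min"),
    (SA, "ResetLockoutCount", lambda v: v >= 15, "counter reset >= 15 min"),
    (EA, "AuditPolicyChange", lambda v: v > 0, "audit policy change events"),
]
CHECKS += [(EA, k, lambda v: v == 3, "audit all events (success and failure)") for k in
           ("AuditAccountLogon", "AuditAccountManage", "AuditLogonEvents", "AuditSystemEvents")]
CHECKS += [(EA, k, lambda v: v & 2 == 2, "audit failures")
           for k in ("AuditObjectAccess", "AuditPrivilegeUse")]

def audit(inf_text):
    """Return (key, actual, requirement) for every failed or missing setting."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(inf_text)
    rows = [(k, cfg.get(s, k, fallback=None), ok, req) for s, k, ok, req in CHECKS]
    return [(k, raw, req) for k, raw, ok, req in rows if raw is None or not ok(int(raw))]

if __name__ == "__main__":
    print(*audit(SAMPLE_INF), sep="\n")
```

A setting that is absent from the export is reported with an actual value of `None`, so an incomplete export cannot pass silently.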
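6. Event log audit
For the System, Security and Application logs, audit the following items:
Maximum log size: 80 Mb (minimum)
Restrict Guest account access to logs: Enabled
Log retention method: “Overwrite events as needed”
7. Audit of key security settings
Deny access to external anonymous users.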
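8. Security options
Allow system to be shut down without having to log on: Disabled
Allowed to format and eject removable media: Administrators
Amount of Idle Time Required Before Disconnecting Session: 30 minutes (maximum)
Force logoff when logon hours expire: Enabled
Clear virtual memory pagefile when system shuts down: Enabled
Digitally sign client communication (when possible): Enabled
Digitally sign server communication (when possible): Enabled
Do not require CTRL+ALT+Delete to log on: Disabled
Do not display last user name at logon: Enabled
LAN Manager authentication level: “Send NTLMv2 response only” (minimum)
Message text for users attempting to log on: Custom message or “This system is for the use of authorized users only.”
Message title for users attempting to log on: “Warning:” or custom title.
Number of previous logons to cache: 0
Prevent users from installing printer drivers: Enabled
Prompt user to change password before expiration: 14 days (minimum)
Recovery Console (allow automatic administrative logon): Disabled
Recovery Console (allow floppy copy and access to all drives and folders): Disabled
Rename Administrator account: any name other than ‘Administrator’
Rename Guest account: any name other than ‘GUEST’
Restrict floppy access to locally logged-on user only: Enabled
Digitally encrypt secure channel data (when possible): Enabled
Digitally sign secure channel data (when possible): Enabled
Send unencrypted password to connect to third-party SMB servers: Disabled
Smart card removal behavior: “Lock Workstation”
3.2.1.36 Strengthen Default Permissions of Global System Objects (e.g. Symbolic Links): Enabled
Unsigned driver installation behavior: “Warn, but allow installation” or “Do not allow installation”.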
9. Registry security settings audit
10. Services audit
Alerter – Disabled
Clipbook – Disabled
Computer Browser – Disabled
Fax Service – Disabled
FTP Publishing Service – Disabled – Warning: this will disable the FTP service
IIS Admin Service – Disabled – Warning: This will disable Internet Information Services!
Internet Connection Sharing – Disabled
Messenger – Disabled
NetMeeting Remote Desktop Sharing – Disabled
Remote Registry Service – Disabled
Routing and Remote Access – Disabled
Simple Mail Transfer Protocol (SMTP) – Disabled – Warning: this disables the SMTP service on IIS servers.
Simple Network Management Protocol (SNMP) Service – Disabled
Simple Network Management Protocol (SNMP) Trap – Disabled
Telnet – Disabled
World Wide Web Publishing Services – Disabled – Warning: this will disable Internet Information Services!
Automatic Updates – Not Defined
Background Intelligent Transfer Service – Not Defined
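11. User rights audit
Access this computer from the network: Users, Administrators (or none)
4.2.2 Act as part of the operating system: None
Add workstations to domain: Not applicable
Back up files and directories: Administrators
4.2.5 Bypass traverse checking: Users
Change the system time: Administrators
Create a pagefile: Administrators
Create global objects: None
Create permanent shared objects: None
Debug programs: None
Deny access to this computer from the network: Guests
Deny logon as a batch job: None by default (others allowable as appropriate) Not Defined
Deny logon as a service: None by default (others allowable as appropriate) Not Defined
Deny logon locally: None by default (others allowable as appropriate) Not Defined
Force shutdown from a remote system: Administrators
Manage and audit the security log: None
Increase memory quotas: Administrators
Increase scheduling priority: Administrators
Load and unload device drivers: Administrators
Lock pages in memory: None
Log on as a batch job: None (“Not Defined”)
Log on as a service: None (“Not Defined”)
Log on locally: Administrators (other specific users allowable)
Manage auditing and security log: Administrators
Modify firewall environment options: Administrators
Profile single process: Administrators
Profile system performance: Administrators
Remove computer from docking station: Administrators
Replace a process-level token: None
Restore files and directories: Administrators
Shut down the system: Administrators
Synchronize directory service data: Not Applicable
Take ownership of files or other objects: Administrators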
12. Other system requirements
Ensure that disk volumes use the NTFS file system.
Use of the NTFS file system is recommended.
13. File permissions
%SystemDrive%\ – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemDrive%\autoexec.bat – Administrators: Full; System: Full
%SystemDrive%\boot.ini – Administrators: Full; System: Full
%SystemDrive%\config.sys – Administrators: Full; System: Full
%SystemDrive%\io.sys – Administrators: Full; System: Full
%SystemDrive%\msdos.sys – Administrators: Full; System: Full
%SystemDrive%\ntbootdd.sys – Administrators: Full; System: Full
%SystemDrive%\ – Administrators: Full; System: Full
%SystemDrive%\ntldr – Administrators: Full; System: Full
%SystemDrive%\Documents and Settings – Administrators: Full; System: Full; Users: Read and Execute, List
%SystemDrive%\Documents and Settings\Administrator – Administrators: Full; System: Full
%SystemDrive%\Documents and Settings\All Users – Administrators: Full; System: Full; Users: Read and Execute, List
%SystemDrive%\Documents and Settings\All Users\Documents\DrWatson – Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Read Extended Attributes, Read Permissions (This folder, subfolders, and files); Users: Traverse Folder/Execute Files, Create Files/Write Data, Create Folder/Append Data (Subfolders and files only)
%SystemDrive%\Documents and Settings\Default User – Administrators: Full; System: Full; Users: Read and Execute, List
%SystemDrive%\System Volume Information – (Do not allow permissions on this folder to be replaced)
%SystemDrive%\Temp – Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/Execute Files, Create Files/Write Data, Create Folders/Append Data
%ProgramFiles% – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemDrive%\Program Files\Resource Kit – Administrators: Full; System: Full
%SystemRoot% – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemRoot%\$NtServicePackUninstall$ – Administrators: Full; System: Full
%SystemRoot%\CSC – Administrators: Full; System: Full
%SystemRoot%\Debug – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemRoot%\Debug\UserMode – Administrators: Full; System: Full; Users: Traverse Folder/Execute File, List folder/Read data, Create files/Write data (This folder, only); Create files/Write data, Create folders/Append data (Files only)
%SystemRoot%\Offline Web Pages – (Do not allow permissions on this key to be replaced)
%SystemRoot%\Registration – Administrators: Full; System: Full; Users: Read
%SystemRoot%\repair – Administrators: Full; System: Full
%SystemRoot%\security – Administrators: Full; System: Full; Creator Owner: Full
%SystemRoot%\system32 – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemRoot%\system32\at.exe – Administrators: Full; System: Full
4.4.1.30 %SystemRoot%\system32\Ntbackup.exe – Administrators: Full; System: Full
4.4.1.31 %SystemRoot%\system32\rcp.exe – Administrators: Full; System: Full
4.4.1.32 %SystemRoot%\regedit.exe – Administrators: Full; System: Full
%SystemRoot%\system32\regedt32.exe – Administrators: Full; System: Full
%SystemRoot%\system32\rexec.exe – Administrators: Full; System: Full
%SystemRoot%\system32\rsh.exe – Administrators: Full; System: Full
%SystemRoot%\system32\secedit.exe – Administrators: Full; System: Full
%SystemRoot%\system32\appmgmt – Administrators: Full; System: Full; Users: Read and Execute, List
%SystemRoot%\config – Administrators: Full; System: Full
%SystemRoot%\system32\dllcache – Administrators: Full; System: Full; Creator Owner: Full
%SystemRoot%\system32\DTCLog – Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List
%SystemRoot%\system32\GroupPolicy – Administrators: Full; System: Full; Authenticated Users: Read and Execute, List
%SystemRoot%\system32\ias – Administrators: Full; System: Full; Creator Owner: Full
The Center for Internet Security
Windows 2000 Server - Level 2 Benchmark for Stand-Alone and Domain-Member Servers
Page 18 of 56
%SystemRoot%\system32\NTMSData – Administrators: Full; System: Full
%SystemRoot%\system32\reinstallbackups – Administrators: Full; System: Full; Creator Owner: Full
%SystemRoot%\system32\Setup – Administrators: Full; System: Full; Users: Read and Execute, List
%SystemRoot%\system32\spool\printers – Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folder, Execute File, Read, Read Extended Attributes, Create folders, Append Data
%SystemRoot%\Tasks – (Do not allow permissions on this key to be replaced)
%SystemRoot%\Temp – Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/Execute Files, Create Files/Write Data, Create Folders/Append Data
14. File and registry auditing
%SystemDrive% – Everyone: Failures (this folder, propagate inheritable permissions to all subfolders and files)
HKLM\Software – Everyone: Failures (this key, propagate inheritable permission to all subkeys)
HKLM\System – Everyone: Failures (this key, propagate inheritable permission to all subkeys)
15. Registry permissions
HKLM\Software\Classes – Administrators: Full; System: Full; Creator Owner: Full; Users: Read
HKLM\Software – Administrators: Full; System: Full; Creator Owner: Full; Users: Read
HKLM\Software\Microsoft\NetDDE – Administrators: Full; System: Full
HKLM\Software\Microsoft\OS/2 Subsystem for NT – Administrators: Full; System: Full; Creator Owner: Full
HKLM\Software\Microsoft\Windows NT\CurrentVersion\AsrCommands – Administrators: Full; System: Full; Creator Owner: Full; Users: Read; Backup Operators: Query Value, Set Value, Create Subkey, Enumerate Subkeys, Notify, Delete, Read (this key and subkeys)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib – Administrators: Full; System: Full; Creator Owner: Full; Interactive: Read (this key and subkeys)
HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy – Administrators: Full; System: Full; Authenticated Users: Read
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer – Administrators: Full; System: Full; Users: Read
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies – Administrators: Full; System: Full; Authenticated Users: Read
HKLM\System – Administrators: Full; System: Full; Creator Owner: Full; U