MEDS – Sample Report - MIEL e

Transcription

CONFIDENTIAL
MIEL’S ENDPOINT DIAGNOSTIC REPORT
PREPARED BY
MIEL e-Security Pvt. Ltd.
AML Centre 1, 4th Floor,
8 Mahal Industrial Estates,
Off Mahakali Caves Road,
Andheri (East),
Mumbai - 400 093, India
Tel No: + 91 (22) 3009 6969
Fax No: + 91 (22) 2687 8062
Email: [email protected]
URL: www.mielesecurity.com
ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL
2
Document: Endpoint Diagnostic Report
For: ABC Limited
Prepared By: MIEL e-Security Pvt. Ltd.
Classification: Confidential
Status: Final Report
Version: 1.0
Date: MMMM DD, YYYY
Consultant Name1
Technical Consultant – Information Security
Approver’s Name
Approved By:
Designation
Prepared By:
DISCLAIMER
This report is being supplied by us on the basis that it is for your benefit and information only and that, save
as may be required by law or by a competent regulatory authority (in which case you shall inform us in
advance), it shall not be copied, referred to or disclosed, in whole (save for your own internal purpose) or in
part, without our prior written consent. The report is submitted on the basis that you shall not quote our
name or reproduce our logo in any form or medium without prior written consent. You may disclose in whole
this report to your legal and other professional advisers for the purpose of your seeking advice in relation to
the report, provided that when doing so you inform them that:
Disclosure by them (save for their own internal purposes) is not permitted without our prior written
consent, and
To the fullest extent permitted by law we accept no responsibility or liability to them in connection
with this report.
Any advice, opinion, statement of expectation, forecast or recommendation supplied or expressed by us in
this report is based on the information provided to us and we believe such advice, opinion, statement of
expectation, forecast or recommendation to be true. However such advice, opinion, statement of expectation,
forecast or recommendation shall not amount to any form of guarantee that we have determined or predicted
future events or circumstances but shall ensure accuracy, competency, correctness or completeness of the
report based on the information provided to us.
3
Table of Contents
EXECUTIVE SUMMARY .................................................................................................................5
1. Scope of the Assignment .............................................................................................................................6
2. Project Team ...............................................................................................................................................6
3. Findings (Compliance)............................................................................................................................. 7-9
A. Overall. ...........................................................................................................................................7
B. Location/Department-wise ............................................................................................................8
C. Across Security Categories .............................................................................................................9
4. List of Checks ...................................................................................................................................... 10-11
5. Feedback ............................................................................................................................................. 12-13
A. Analysis . ..................................................................................................................................... 12
B. Recommendations . .................................................................................................................... 12
C. Best Practices ............................................................................................................................. 13
ANNEXURES ............................................................................................................................... 14
ANNEXURE A: List of Endpoints Scanned ....................................................................................................... 15
ANNEXURE B: IP-wise Security Checks Performed ........................................................................................ 17
ANNEXURE C: IP-wise Compliance & Actionable Report ............................................................................. 23
ANNEXURE D: Software Statistics: Undesired Software List ......................................................................... 36
FREQUENTLY ASKED QUESTIONS (FAQs) ..................................................................................... 31
4
5
Executive Summary
MIEL e-Security Pvt. Ltd. was commissioned by ABC Ltd. to perform a security compliance audit of
their endpoints (which included desktops, laptops and servers).
MIEL carried out this audit using its proprietary technology - MEDS (MIEL Endpoint Diagnostic
Service).
The purpose of the audit was to determine the compliance level of ABC Ltd. against their defined
Compliance Policy.
1.
Scope of the Assignment
The scope of the audit was limited to test the effectiveness of the identified internal controls against the
Organization’s Customized Compliance Policy over the range of network comprising of desktops and
laptops.
The MEDS Audit covered 1,522 endpoints across four Locations/Departments.
Audit Location/Department
Location/Dept. 1
800
Location/Dept. 2
157
Location/Dept. 3
85
Location/Dept. 4
480
Total Endpoints :
2.
No. of Endpoints
1522
Project Team
Project team consisted of:
MIEL e-Security Team
Contact Information
Project Lead Engineer
[email protected]
Activity Engineer
[email protected]
ABC Team
Contact Information
Customer Name – SPOC
[email protected]
6
3.
A.
Findings
Findings: Overall Compliance
The overall compliance level for this audit is MEDIUM.
Legend:
Level
Range (%)
Description
81% - 100%
The endpoints compliance exceeds the industry standard
compliance level.
MEDIUM
61% - 80%
The endpoints compliance is around the industry
standard compliance levels. However, there is room for
improvement.
LOW
0% - 60%
The endpoints compliance is below the industry standard
compliance levels and action must be taken to increase the
compliance level.
HIGH
7
B.
Findings: Across Location / Department-wise
The overall compliance level by Location/Dept. is provided below:
Compliance Across Location/Dept.
90
78%
77%
78%
81%
80
Average Compliance (%)
70
60
50
40
30
20
10
Locations
Location/Dept. 1
Location/Dept. 2
Location/Dept. 3
Location/Dept. 4
Location
Average
Compliance (%)
Minimum
Compliance (%)
Maximum
Compliance (%)
Location/Dept. 1
77%
38%
100%
Location/Dept. 2
78%
17%
100%
Location/Dept. 3
78%
55%
93%
Location/Dept. 4
81%
17%
100%
8
C.
Findings: Across Security Categories
The audit was performed across a set of 10 Security Categories. The following are the compliance levels
in each category:
Compliance Across Security Categories
100
97%
100%
96%
91%
90
83%
75%
Average Compliance (%)
80
68%
67%
70
60
50
40
29%
30
20
15%
10
0
Type of Security Categories
9
4.
List of Checks
Complete list of checks as per the Organization’s Customized Compliance policy:
ANTIVIRUS
Sr. No.
Check Name
Expected Value
Compare Logic
1
Is Antivirus Auto-Protect Enabled
Enabled
=
ISO 27001
Control
A.10.4.1
2
Is Antivirus Present
Enabled
=
A.10.4.1
3
Is Antivirus Updated
Enabled
=
A.10.4.1
4
Symantec MR Version
Should Contain
5
Symantec Virus Definitions
Should Contain
AUTO UPDATE
Sr. No.
1
Check Name
Expected Value
Compare Logic
ISO 27001
Control
Automatic Update Status
Download updates for me, but
let me choose when to install
them
=
A.10.1.2
Expected Value
Compare Logic
ISO 27001
Control
CUSTOM REGISTRY
Sr. No.
1
2
Check Name
Symantec Managed Clients Group
Name
Symantec Policy Serial Number
Should Contain
Should Contain
INFORMATIONAL CHECKS
Sr. No.
Check Name
Expected Value
Compare Logic
1
Installed Hotfixes
Should Contain
2
Network File Shares
Should Contain
3
Non-NTFS Partitions
Should Contain
4
Softwares Installed
Should Contain
5
Softwares Installed - Full Details
Should Contain
ISO 27001
Control
PASSWORD POLICY
Sr. No.
Check Name
Expected Value
Compare Logic
1
Account Lockout Threshold
5
>=
ISO 27001
Control
A.11.5.1
2
Enforce Password History
Maximum Password Age [in
number of days]
Minimum Password Age [in
number of days]
Minimum Password Length
3
>=
A.11.5.1
30
>=
A.11.3.1
1
>=
A.11.3.1
8
>=
A.11.3.1
3
4
5
10
SCREENSAVER
Sr. No.
Check Name
Expected Value
Compare Logic
1
Is Screen Saver Activated
Screen Saver Timeout Duration
[in number of seconds]
Enabled
=
ISO 27001
Control
A.11.3.3
900
>=
A.11.3.3
2
SECURITY OPTIONS
Sr. No.
Check Name
Expected Value
Compare Logic
ISO 27001
Control
1
Interactive logon: Message text
for users attempting to log on
THIS IS A PRIVATE COMPUTER
SYSTEM,
Should Contain
A.11.5.1
2
Interactive logon: Message title
for users attempting to log on
!!! Attention!!!
=
A.11.5.1
Sr. No.
Check Name
Expected Value
Compare Logic
ISO 27001
Control
1
Bluetooth file transfer disabled
Disable auto run on all external
storage devices
Read only access to CD ROM
drives
USB mass storage device disabled
Enabled
=
Enabled
=
Enabled
=
Enabled
=
SEP
2
3
4
USER ACCOUNTS
Sr. No.
Check Name
Expected Value
Compare Logic
1
Is Guest Account Active
Disabled
=
ISO 27001
Control
A.11.2.2
2
Is User an Administrator
Disabled
=
A.11.2.2
ISO 27001
Control
USER RIGHTS ASSIGNMENT
Sr. No.
Check Name
Expected Value
Compare Logic
1
Log on locally
'Administrators'
'Domain Users'
Should Contain
11
5.
Feedback
A. Analysis
The overall compliance appears to be at the higher end of the industry standards for the
XYZ vertical.
Findings that need immediate action:
i.
The SEP checks to disallow USB flash drives are only implemented on portable
systems and not desktops. This may allow desktop users to copy unauthorized
content onto flash drives.
ii.
The automatic updates have not been configured as per the industry standard
requirements.
B. Recommendations
Automatic Updates need to be configured to download and install patches automatically.
The Symantec SEP policies need to be implemented on both portable and desktop systems.
Screensaver policies should be configured to lock the system after 15 minutes.
12
C. Best Practices
MIEL recommends the following best practices at all locations:
Access to data on the USB thumb drive should be protected by password and/or
encryption.
Audit and user policies should be implemented as per the best practices provided by
MIEL.
Screen saver should be enabled and it should be secured. Screen saver time-out
duration should be set as per the best practices provided.
Set automatic update to automatically download recommended updates for the systems
and install them.
A third-party security tool should be in place to log all files copied to an authorized USB
drive.
Controls should be in place to prevent an unauthorized USB drive from being accessible
to a workstation.
Antivirus software should be installed and scheduled to run at regular intervals. In
addition, the anti-virus software and the virus pattern files must be kept up-to-date.
13
14
ANNEXURES
ANNEXURE A: List of Endpoints Scanned
MEDS - Detailed Compliance Report
MMMM DD, YYYY 00:00 AM/PM
Task Details
Tas k N ame :
ABC_Location 3_Scan
Tas k Status :
Finished
Tas k Type :
Order
Template N ame :
Customized Policy
Template
D es c ription :
This is a health-check that audits the endpoints as per the
organizations policy (ABC Limited)
Create Time :
Start Time :
End Time :
List Of Endpoints Scanned
Sr. No.
Host Name
IP
Compliance
1
ABC_D_001
10.10.12.4
55.17%
2
ABC_D_002
10.10.12.5
62.07%
3
ABC_D_003
10.10.12.6
57.69%
4
ABC_D_004
10.10.12.7
68.97%
5
ABC_D_005
10.10.12.8
69.23%
6
ABC_D_006
10.10.12.9
89.66%
7
ABC_D_007
10.10.12.10
68.97%
8
ABC_D_008
10.10.12.11
93.10%
9
ABC_D_009
10.10.12.12
89.66%
10
ABC_D_010
10.10.12.13
79.31%
11
ABC_D_011
10.10.12.14
82.76%
12
ABC_D_012
10.10.12.15
82.76%
13
ABC_D_013
10.10.12.16
86.21%
14
ABC_D_014
10.10.12.17
65.52%
15
ABC_D_015
10.10.12.18
82.76%
16
ABC_D_016
10.10.12.19
89.66%
17
ABC_D_017
10.10.12.20
89.66%
18
ABC_D_018
10.10.12.21
89.66%
19
ABC_D_019
10.10.12.22
93.10%
20
ABC_D_020
10.10.13.54
68.97%
21
ABC_D_021
10.10.13.55
68.97%
22
ABC_D_022
10.10.13.56
72.41%
23
ABC_D_023
10.10.13.57
72.41%
15
List Of Endpoints Scanned
Sr. No.
Host Name
IP
Compliance
24
ABC_D_024
10.10.13.58
93.10%
25
ABC_D_025
10.10.13.59
65.52%
26
ABC_L_001
10.10.13.60
89.66%
27
ABC_L_002
10.10.13.61
93.10%
28
ABC_L_003
10.10.13.62
89.66%
29
ABC_L_004
10.10.13.63
62.07%
30
ABC_L_005
10.10.13.64
65.52%
31
ABC_L_006
10.10.13.65
65.52%
32
ABC_L_007
10.10.13.66
68.97%
33
ABC_L_008
10.10.13.67
75.86%
34
ABC_L_009
10.10.13.68
93.10%
35
ABC_L_010
10.10.13.69
72.41%
36
ABC_L_011
10.10.14.72
65.52%
37
ABC_L_012
10.10.14.73
86.21%
38
ABC_L_013
10.10.14.74
93.10%
39
ABC_L_014
10.10.14.75
82.76%
40
ABC_L_015
10.10.14.76
55.17%
41
ABC_L_016
10.10.14.77
68.97%
42
ABC_L_017
10.10.14.78
55.17%
43
ABC_L_018
10.10.14.79
89.66%
44
ABC_L_019
10.10.14.80
89.66%
45
ABC_L_020
10.10.14.81
68.97%
46
ABC_L_021
10.10.14.82
62.07%
47
ABC_L_022
10.10.14.83
93.10%
48
ABC_L_023
10.10.14.84
79.31%
49
ABC_L_024
10.10.14.85
89.66%
50
ABC_L_025
10.10.14.86
75.86%
51
ABC_L_026
10.10.14.87
93.10%
52
ABC_L_027
10.10.14.88
86.21%
53
ABC_L_028
10.10.14.89
86.21%
54
ABC_L_029
10.10.14.90
93.10%
55
ABC_L_030
10.10.14.91
79.31%
56
ABC_L_031
10.10.14.92
75.86%
57
ABC_L_032
10.10.14.93
89.66%
58
ABC_L_033
10.10.14.94
68.97%
59
ABC_L_034
10.10.14.95
89.66%
60
ABC_L_035
10.10.14.96
62.07%
61
ABC_L_036
10.10.14.97
89.66%
62
ABC_L_037
10.10.14.98
65.52%
63
ABC_L_038
10.10.14.99
68.97%
16
ANNEXURE B: IP-wise Security Checks Performed
Security Check
Expected Value
Security Compliance
Test_D_03
10.1.2.9
ANTIVIRUS
Is Antivirus Auto-Protect Enabled ?
Is Antivirus Present ?
Is Antivirus Updated ?
Which Mcafee Agent GUID is present ?
Which Mcafee Virus Definitions Version is present ?
Which Mcafee Virus Engine Version is present ?
Which Symantec MR Version is present ?
Which Symantec Virus Definitions is present ?
Are you auditing account logon events for failure or success ?
Are you auditing account management for failure or success ?
Are you auditing directory service access for failure or success?
Are you auditing logon events for failure or success?
AUDIT POLICY
Are you auditing object access for failure or success ?
Are you auditing policy change for failure or success ?
Are you auditing privilege use for failure or success ?
Are you auditing process tracking for failure or success ?
Are you auditing system events for failure or success ?
AUTO UPDATE
CUSTOM CHECKS
EVENTLOG SCAN
FIREWALL POLICIES
PASSWORD POLICY
PATCH LEVEL
Test_D_02
10.1.2.2
Test_L_01
10.1.1.11
Enabled
Enabled
Enabled
Test
Installed Version : 4.0, Latest Available
Version : 4.1
Installed Version : 3.0, Latest Available
Version :3.10
ABC
Installed Version : 01/01/0001 r0, Latest
Available Version : 01/01/0001 r0
Failure
Success
Failure
Success
Failure
Success
Failure
Success
Failure
Success
Failure
Success
Failure
Success
Failure
Success
Failure
Success
What is the automatic Update status of windows ?
Automatically download recommended
updates for my computer and install them
Which Symantec Policy Serial Number is present ?
544B-01/25/2011 16:31:13 226
Which Symantec Managed Clients Group Name is present ?
My Company\Desktop\Desktop 32 BIT
Which Trend Micro Build Number is present ?
What is date of Trend Micro Pattern ?
Which Trend Micro Program Version is present ?
What is the Desktop path ?
What is the last successful windows update date ?
What is Documents folder path ?
1083
20110818
10.8
D:\All_Desktop\test\Desktop
25-08-11 7:31
D:\ALL_My Documents\test\My Documents
Which Windows version is present ?
6
What is Maximum Application Log Size [in KiloBytes] ?
2048
What is Maximum Security Log Size [in KiloBytes] ?
What is Maximum System Log Size [in KiloBytes] ?
2048
2048
Which are the Exceptions for Authorized Applications if any ?
Is Firewall Enabled ?
D:\Tally9\tally9.exe
C:\Program Files\ORL\VNC\WinVNC.exe
139:TCP
445:TCP
137:UDP
Enabled
What is Account Lockout Duration [in number of minutes] ?
20
What is the value for Account Lockout Threshold ?
3
What is the count for Enforce Password History ?
2
What is Maximum Password Age [in number of days] ?
30
What is Minimum Password Age [in number of days] ?
1
What is Minimum Password Length [in number of characters] ?
8
What is the duration for Reset Account Lockout Counter After [in
number of minutes] ?
10
What is the level of Windows Patch ?
System is Fully Updated
Which are the Exceptions for Open Ports if any ?
Test_L_09
10.1.2.7
17
Security Check
Expected Value
Does the user have access to CD-ROM Drives ?
Does the user have access to Floppy Drives ?
Does the user have access to Internet Explorer Security Page ?
Enabled
Enabled
Enabled
Does the user have access to Registry Editing Tools ?
Is user allow the Saving of Passwords for Forms ?
Is automatic Logon of Users of Workstation Enabled ?
Is Autorun Status Enabled ?
Is Changing of Internet Explorer Advanced Page Settings Enabled ?
Enabled
Enabled
Enabled
Enabled
Enabled
Is Simple TCP/IP Services ?
Is SNMP Enabled ?
Disabled
Enabled
SCREENSAVER
Is Screen Saver Secured
What is Screen Saver Timeout Duration [in number of seconds]
Enabled
Enabled
600
USB DEVICES
Which are the Connected Usb Devices?
Is USB Driver Status Enabled ?
Is USB Port Status Enabled ?
No Devices
Enabled
Disabled
Is Guest Account Active ?
Is User an Administrator ?
Which Local Administrators are present in the system ?
Disabled
Enabled
WIN-VUMGXRU5CVF\Administrator
WIN-VUMGXRU5CVF\socuser
Administrator
Guest
socuser
MISCELLANEOUS
HARDENING
USER ACCOUNTS
Which Local Users are present in the system ?
Which Hotfixes are Installed ?
KB2079403
KB2124261
KB2141007
KB2207566
Who is the Last Logged In User ?
What is Last System Boot Up Time ?
What is the Name of Computer ?
What is Manufacturer name ?
What is the Model Name ?
Which Processor does the system have ?
What is the RAM size ?
What is the Disk size ?
Which Network Files are Shared ?
\Localuser
02-09-11 8:40
TEST_D_056
HP
AWRDACPI
Intel(R) Pentium(R) 4 CPU 2.66GHz
2 GB
40 GB
ADMIN$
C$
IPC$
A:
D:
c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL
Server\90\Shared\sqlwriter.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Internet
Explorer\iexplore.exe
Application Experience
Application Host Helper Service
Application Information
Base Filtering Engine
Background Intelligent Transfer Service
Certificate Propagation
COM+ System Application
Cryptographic Services
DCOM Server Process Launcher
DHCP Client
DNS Client
Which Non-NTFS Partitions the system have ?
INFORMATIONAL
CHECKS
Which Processes are running while Scanning ?
Which Services are Installed ?
Security Compliance
18
Security Check
INFORMATIONAL
CHECKS
SECURITY OPTIONS
Expected Value
Which Softwares are Installed ?
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Report Viewer Redistributable
2008 (KB952241)
Microsoft SQL Server 2005
Nmap 5.51
TeamViewer 6
WinPcap 4.1.2
Microsoft Visual C++ 2010 x86
Redistributable - 10.0.30319
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.4148
Which Softwares are Installed - Full Details
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
(SQLEXPRESS)
Security Update for Microsoft .NET
Framework 4 Client Profile (KB2446708)
Update for Microsoft .NET Framework 4
Client Profile (KB2473228)
Microsoft SQL Server Setup Support Files
(English)
Accounts: Is Limit local account use of blank passwords to console
logon only Enabled ?
Audit: Is Audit the access of global system objects Enabled ?
Audit: Is Audit the use of Backup and Restore privilege Enabled ?
Audit: Is Force audit policy subcategory settings (Windows Vista or
later) to override audit policy category settings Enabled ?
Enabled
Audit: Is Shut down system immediately if unable to log security audits
Enabled ?
DCOM: Is Machine Access Restrictions in Security Descriptor Definition
Language (SDDL) syntax Enabled ?
DCOM: Is Machine Launch Restrictions in Security Descriptor
Definition Language (SDDL) syntax ?
Devices: Is Allow undock without having to log on Enabled ?
Disabled
Devices: Is Allowed to format and eject removable media Enabled ?
Devices: Is Prevent users from installing printer drivers Enabled ?
Devices: Is Restrict CD-ROM access to locally logged-on user only
Enabled ?
Devices: Is Restrict floppy access to locally logged-on user only
Enabled ?
Domain controller: Is Allow server operators to schedule tasks Enabled
?
Domain controller: Is LDAP server signing requirements Enabled ?
Domain controller: Is Refuse machine account password changes
Enabled ?
Domain member: Is Digitally encrypt or sign secure channel data
(always) Enabled ?
Domain member: Is Digitally encrypt secure channel data (when
possible) Enabled ?
Domain member: Is Digitally sign secure channel data (when possible)
Enabled ?
Domain member: Is Disable machine account password changes
Enabled ?
Domain member: What is Maximum machine account password age [in
number of days] ?
Domain member: Is Require strong (Windows 2000 or later) session
key Enabled ?
Interactive logon: Is Do not display last user name Enabled ?
Interactive logon: Is Do not require CTRL+ALT+DEL Enabled ?
Interactive logon: Message text for users attempting to log on
Interactive logon: Message title for users attempting to log on
Enabled
Enabled
Enabled
Security Compliance
Disabled
Disabled
Disabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
Disabled
30
Disabled
Disabled
Disabled
Welcome
Attention
19
Security Check
SECURITY OPTIONS
Expected Value
Interactive logon: What is the count for Number of previous logons to
cache ?(in case domain controller is not available) [in number of
logons]
25
Interactive logon: How far in advance user are prompt to change
password before expiration [in number of days] ?
Interactive logon: Is Require Domain Controller authentication to
unlock workstation Enabled ?
Interactive logon: Is Require smart card Enabled ?
Interactive logon: What is the behavior for Smart card removal ?
Microsoft network client: Is Digitally sign communications (always)
Enabled ?
Microsoft network client: Is Digitally sign communications (if server
agrees) Enabled ?
Microsoft network client: Is Send unencrypted password to third-party
SMB servers Enabled ?
Microsoft network server: How much the idle time required before
suspending session [in number of minutes] ?
14
Microsoft network server: Is Digitally sign communications (always)
Enabled ?
Microsoft network server: Is Digitally sign communications (if client
agrees) Enabled ?
Microsoft network server: Is Disconnect clients when logon hours
expire Enabled ?
Network access: Is Do not allow anonymous enumeration of SAM
accounts Enabled ?
Network access: Is Do not allow anonymous enumeration of SAM
accounts and shares Enabled ?
Network access: Is Do not allow storage of credentials or .NET
Passports for network authentication Enabled ?
Disabled
Network access: Is Let Everyone permissions apply to anonymous
users enabled ?
Network access: Which Named Pipes that can be accessed
anonymously are present in system ?
Network access: Which Remotely accessible registry paths are present
?
Disabled
Network access: Which Remotely accessible registry paths and subpaths are present ?
System\CurrentControlSet\Control\Print\P
rinters
System\CurrentControlSet\Services\Eventl
og
Software\Microsoft\OLAP Server
Software\Microsoft\Windows
NT\CurrentVersion\Print
System\CurrentControlSet\Control\Content
Index
Enabled
Security Compliance
Disabled
Disabled
No Action
Disabled
Enabled
Disabled
15
Disabled
Enabled
Enabled
Disabled
Disabled
browser
System\CurrentControlSet\Control\Product
Options
System\CurrentControlSet\Control\Server
Applications
NT\CurrentVersion
Network access: Is Restrict anonymous access to Named Pipes and
Shares Enabled ?
Network access: Is Shares that can be accessed anonymously Enabled ? Disabled
Network access: How Sharing and security model for local accounts are
authenticated ?
Network security: Is Do not store LAN Manager hash value on next
password change Enabled ?
Network security: Which LAN Manager authentication level is present ?
Classic - local users authenticate as
themselves
Enabled
Send NTLMv2 response only
Network security: Which LDAP client signing requirements is present ? Negotiate signing
Network security: Which Minimum session security for NTLM SSP
based (including secure RPC) clients is present ?
Network security: Which Minimum session security for NTLM SSP
based (including secure RPC) servers is present ?
Recovery console: Is Allow automatic administrative logon Enabled ?
Recovery console: Is Allow floppy copy and access to all drives and all
folders Enabled ?
Shutdown: Is Allow system to be shut down without having to log on
Enabled ?
Shutdown: Is Clear virtual memory pagefile Enabled ?
Not Defined
Not Defined
Disabled
Disabled
Disabled
Disabled
20
Security Check
SECURITY OPTIONS
Which users and groups are allowed to Access the Credential Manager
as a trusted caller ?
Administrators
Which users and groups are allowed to Access this computer from the
network ?
Backup Operators
Everyone
Users
Administrators
Administrators
Which users and groups are allowed to Act as part of the operating
system ?
Which users and groups are allowed to Add workstations to domain ?
Which users and groups are allowed to Adjust memory quotas for a
process ?
Security Compliance
Administrators
Which users and groups are allowed to Create a pagefile ?
Administrators
LOCAL SERVICE
NETWORK SERVICE
SQLServer2005MSSQLUser$WINVUMGXRU5CVF$SQLEXPRESS
Administrators
Remote Desktop Users
Administrators
Backup Operators
Administrators
Backup Operators
Everyone
LOCAL SERVICE
NETWORK SERVICE
SQLServer2005MSSQLUser$WINVUMGXRU5CVF$SQLEXPRESS
Users
Administrators
LOCAL SERVICE
Administrators
LOCAL SERVICE
Administrators
LOCAL SERVICE
NETWORK SERVICE
SERVICE
Administrators
Which users and groups are allowed to Create a token object ?
Administrators
Which users and groups are allowed to Create permanent shared
objects ?
Administrators
Which users and groups are allowed to Create symbolic links ?
Administrators
Which users and groups are allowed to Debug programs ?
Administrators
Which users and groups are allowed to Allow logon through Terminal
Services ?
Which users and groups are allowed to Back up file and directories ?
Which users and groups are allowed to Bypass traverse checking ?
USER RIGHTS
ASSIGNMENT
Expected Value
System cryptography: Which setting for Force strong key protection
Not defined
for user keys stored on the computer is present ?
System cryptography: Is Use FIPS compliant algorithms for encryption, Disabled
hashing, and signing Enabled ?
System objects: Is Require case insensitivity for non-Windows
Enabled
subsystems Enabled ?
System objects: Is Strengthen default permissions of internal system
Enabled
objects (e.g. Symbolic Links) Enabled ?
System settings: Which subsystems are used to support your
Posix
applications ?
System settings: Is Use Certificate Rules on Windows Executables for
Disabled
Software Restriction Policies Enabled ?
User Account Control: Is Admin Approval Mode for the Built-in
Disabled
Administrator account Enabled ?
User Account Control: Which setting for Behavior of the elevation
Prompt for consent
prompt for administrators in Admin Approval Mode is present ?
User Account Control: Which setting for Behavior of the elevation
Prompt for credentials
prompt for standard users is present ?
User Account Control: Is Detect application installations and prompt for Enabled
elevation Enabled ?
User Account Control: Is Only elevate executables that are signed and Disabled
validated Enabled ?
User Account Control: Is Only elevate UIAccess applications that are
Enabled
installed in secure locations Enabled ?
User Account Control: Is Run all administrators in Admin Approval
Enabled
Mode Enabled ?
User Account Control: Is Switch to the secure desktop when prompting Enabled
for elevation Enabled ?
User Account Control: Is Virtualize file and registry write failures to per- Enabled
user locations Enabled ?
Which users and groups are allowed to Change the system time ?
Which users and groups are allowed to Change the time zone ?
Which users and groups are allowed to Create a global objects ?
Which users and groups are denied to access to this computer from the Local Users
network
Which users and groups are denied to logon as a batch job ?
Local Users
Which users and groups are denied to logon as a service ?
Local Users
Which users and groups are denied to logon locally ?
Local Users
21
Security Check
Expected Value
Which users and groups are denied to logon through Terminal Services
?
Which users and groups are allowed to Enable computer and user
accounts to be trusted for delegation ?
Which users and groups are allowed to Force shutdown from a remote
system ?
Which users and groups are allowed to Generate security audits ?
Local Users
Which users and groups are allowed to Increase scheduling priority ?
Which users and groups are allowed to Load and unload device drivers
?
Which users and groups are allowed to Lock pages in memory ?
Which users and groups are allowed to Log on as a batch job ?
Administrators
Administrators
Security Compliance
Administrators
Administrators
LOCAL SERVICE
NETWORK SERVICE
Which users and groups are allowed to Impersonate a client after
Administrators
authentication ?
IIS_IUSRS
LOCAL SERVICE
NETWORK SERVICE
SERVICE
Which users and groups are allowed to Increase a process working set ? Local Users
Which users and groups are allowed to Log on as a service ?
USER RIGHTS
ASSIGNMENT
Which users and groups are allowed to Log on locally ?
Which users and groups are allowed to Manage auditing and security
log ?
Administrators
Administrators
Backup Operators
IIS_IUSRS
Administrators
IIS_IUSRS
LOCAL SERVICE
Administrators
Backup Operators
Users
Administrators
Which users and groups are allowed to Modify an object label ?
Administrators
Which users and groups are allowed to Modify firmware environment
values ?
Administrators
Which users and groups are allowed to Perform volume maintenance
tasks
Administrators
Which users can use performance monitoring tools to monitor the
performance of nonsystem processes ? (Profile single process)
Administrators
Which users can use performance monitoring tools to monitor the
performance of system processes ?
Administrators
Which users and groups are allowed to Remove computer from docking Administrators
station ?
Which users and groups are allowed to Replace a process level token ?
LOCAL SERVICE
NETWORK SERVICE
Which users and groups are allowed to Restore files and directories ?
Administrators
Backup Operators
Which users and groups are allowed to Shut down the system ?
Administrators
Backup Operators
Which users and groups are allowed to Synchronize directory service
data ?
Administrators
Which users and groups are allowed to Take ownership of file or other Administrators
objects ?
22
ANNEXURE C: IP-wise Compliance & Actionable Report
Detailed Compliance Report for IP - 10.1.2.9 - WinXP
ANTIVIRUS
Sr. No.
1
2
3
Compliance
True
True
True
Check Name
Is Antivirus Auto-Protect Enabled
Is Antivirus Present
Is Antivirus Updated
Result
Enabled
Enabled
Enabled
Compare Logic
=
=
=
Expected Value
Enabled
Enabled
Enabled
Check Name
Audit account logon events
Result
Failure
Compare Logic
&&
Expected Value
Failure
Check Name
Automatic Update Status
Result
Compare Logic
Automatically download recommended updates for
=
my computer and install them
Expected Value
Automatically download
recommended updates for
Check Name
TM Build Number
Trend Micro Pattern Date
Trend Micro Program Version
Result
1083
20110824
10.5
Compare Logic
>=
Should Contain
Should Contain
Expected Value
0
Compare Logic
>=
Expected Value
1024
AUDIT POLICY
Sr. No.
1
Compliance
True
AUTO UPDATE
Sr. No.
1
Compliance
True
CUSTOM REGISTRY
Sr. No.
1
2
3
Compliance
True
True
True
EVENTLOG SCAN
Sr. No.
1
2
3
Compliance
True
True
True
Check Name
Result
Maximum Application Log Size [in KiloBytes] 16384
Maximum Security Log Size [in KiloBytes]
Maximum System Log Size [in KiloBytes]
16384
16384
Check Name
Is Firewall Enabled
Result
Disabled
>=
>=
1024
1024
FIREWALL POLICIES
Sr. No.
1
Compliance
True
Compare Logic
=
Expected Value
Disabled
INFORMATIONAL CHECKS
Sr. No.
1
Compliance
True
Check Name
Installed Hotfixes
2
3
4
True
True
True
Last Logged In User
Last System Boot Up Time
Network File Shares
5
6
False
True
Non-NTFS Partitions
Process Scan
7
True
Services Installed
8
True
Softwares Installed
9
True
Softwares Installed - Full Details
Result
Compare Logic
KB2079403
Should Contain
KB2141007
KB2286198
workgroup\testuser
Should Contain
26/08/2011 10:09:54
Should Contain
ADMIN$
Should Contain
C$
IPC$
D$
C$
Should Contain
C:\Windows\system32\csrss.exe
Should Contain
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
Cryptographic Services
Should Contain
DCOM Server Process Launcher
DHCP Client
DNS Client
COM+ Event System
Server
Workstation
Should Contain
Adobe Flash Player 10 ActiveX
Intel(R) Graphics Media Accelerator Driver
Windows XP Service Pack 3
Should Contain
Security Update for Microsoft .NET Framework 3.5
SP1
Hotfix for Microsoft .NET Framework 3.5 SP1
Hotfix for Microsoft .NET Framework 3.5 SP1
Update for Microsoft .NET Framework 3.5
Expected Value
Result
Enabled
Enabled
Enabled
Disabled
Enabled
Expected Value
Enabled
Enabled
Enabled
Disabled
Enabled
MISCELLANEOUS HARDENING
Sr. No.
1
2
3
4
5
6
Compliance
True
True
True
True
True
True
Check Name
Access to Internet Explorer Security Page
Access to Registry Editing Tools
Allow Saving of Passwords for Forms
Automatic Logon of Users of Workstation
Changing of Internet Explorer Advanced Page
Settings
Simple TCP/IP Services
Disabled
Compare Logic
=
=
=
=
=
=
Disabled
23
PASSWORD POLICY
Sr. No.
1
2
3
4
5
6
7
Compliance
True
True
True
True
True
True
True
Check Name
Account Lockout Duration [in number of
minutes]
Account Lockout Threshold
Enforce Password History
Maximum Password Age [in number of days]
Minimum Password Age [in number of days]
Minimum Password Length
Reset Account Lockout Counter After [in
number of minutes]
Result
20
Compare Logic
=
Check Name
Is Screen Saver Secured
Screen Saver Timeout Duration [in number of
seconds]
Result
Enabled
Enabled
900
Compare Logic
=
=
=
Expected Value
Enabled
Enabled
900
Check Name
Accounts: Limit local account use of blank
passwords to console logon only
Devices: Allow undock without having to log
on
Devices: Allowed to format and eject
removable media
Devices: Prevent users from installing printer
drivers
Devices: Restrict CD-ROM access to locally
logged-on user only
Devices: Restrict floppy access to locally
logged-on user only
Devices: Unsigned driver installation behavior
Result
Enabled
Compare Logic
=
Expected Value
Enabled
3
2
30
1
8
10
=
=
=
=
>=
<=
Expected Value
20
3
2
30
1
8
10
SCREENSAVER
Sr. No.
1
2
3
Compliance
True
True
True
SECURITY OPTIONS
Sr. No.
1
Compliance
True
2
True
3
True
4
True
5
True
6
True
7
True
8
True
9
True
10
True
11
True
12
True
13
True
14
True
15
True
16
True
17
True
18
True
19
True
20
True
21
True
22
True
23
True
24
True
25
True
26
True
27
True
28
True
Enabled
=
Enabled
Administrators
=
Administrators
Disabled
=
Disabled
0
=
Disabled
0
=
Disabled
Warn but allow installation
=
Warn but allow installation
Domain controller: Allow server operators to
schedule tasks
Domain member: Maximum machine account
password age [in number of days]
Domain member: Require strong (Windows
2000 or later) session key
Interactive logon: Do not display last user
name
Interactive logon: Do not require
CTRL+ALT+DEL
Interactive logon: Message text for users
attempting to log on
Enabled
=
Enabled
Interactive logon: Message title for users
attempting to log on
Interactive logon: Number of previous logons
to cache (in case domain controller is not
available) [in number of logons]
Interactive logon: Prompt user to change
password before expiration [in number of
days]
Interactive logon: Require Domain Controller
authentication to unlock workstation
Microsoft network client: Digitally sign
communications (if server agrees)
Microsoft network client: Send unencrypted
password to third-party SMB servers
Microsoft network server: Amount of idle time
required before suspending session [in
number of minutes]
Microsoft network server: Digitally sign
communications (always)
Microsoft network server: Digitally sign
communications (if client agrees)
Microsoft network server: Disconnect clients
when logon hours expire
Network access: Do not allow storage of
credentials or .NET Passports for network
authentication
Network access: Let Everyone permissions
apply to anonymous users
Network access: Named Pipes that can be
accessed anonymously
Information Security Notice
=
5
=
You are about to enter a
Private Network that is
intended for the
authorized use of a Private
Company and its affiliate
companies
'Information Security
Notice'
5
10
=
10
Enabled
=
Enabled
Enabled
=
Enabled
Disabled
=
Disabled
30
>=
30
Disabled
=
Disabled
Enabled
=
Enabled
Disabled
=
Disabled
You are about to enter a Private Network that is
intended for the
authorized use of a Private Company and its
affiliate companies
15
Should Contain
>=
15
Disabled
=
Disabled
Disabled
=
Disabled
Enabled
=
Enabled
Disabled
=
Disabled
=
Disabled
Disabled
browser
COMNAP
COMNODE
SQL\QUERY
SPOOLSS
LLSRPC
Network access: Remotely accessible registry System\CurrentControlSet\Control\ProductOption
paths
s
System\CurrentControlSet\Control\Server
Applications
Software\Microsoft\Windows NT\CurrentVersion
Should Contain
Network access: Shares that can be accessed
anonymously
Should Contain
COMCFG
DFS$
Should Contain
24
29
False
Network access: Sharing and security model
for local accounts
Guest only - local users authenticate as Guest
=
Classic - local users
authenticate as themselves
30
True
=
Disabled
True
Disabled
=
Disabled
32
True
Disabled
=
Disabled
33
True
Network security: Do not store LAN Manager
hash value on next password change
Recovery console: Allow automatic
administrative logon
Recovery console: Allow floppy copy and
access to all drives and all folders
Shutdown: Allow system to be shut down
without having to log on
Disabled
31
Enabled
=
Enabled
Check Name
Connected Usb Devices
Result
Kingston DT 101 II USB Device at 04/12/2009
01:36:12 PM
Motorola Phone USB Device at 07/08/2009
02:35:32 PM
JetFlash TS4GJFV60 USB Device at 09/02/2009
11:07:25 AM
Enabled
Disabled
Compare Logic
Should Contain
Result
Disabled
Disabled
workgroup\Domain Admins
CBWSDT018\Administrator
Administrator
Administrator
Guest
Guest
Compare Logic
=
=
Should Contain
Result
NETWORK SERVICE
Authenticated Users
Compare Logic
Should Contain
USB DEVICES
Sr. No.
1
2
3
Compliance
True
False
True
USB Driver Status
USB Port Status
=
=
Expected Value
Disabled
Disabled
USER ACCOUNTS
Sr. No.
1
2
3
4
Compliance
True
False
True
True
Check Name
Is Guest Account Active
Is User an Administrator
Local Administrators
Local Users
Expected Value
Disabled
Enabled
Should Contain
USER RIGHTS ASSIGNMENT
Sr. No.
1
Compliance
True
Check Name
Access this computer from the network
2
3
4
True
True
True
Act as part of the operating system
Add workstations to domain
Adjust memory quotas for a process
5
True
Allow logon through Terminal Services
6
True
Back up file and directories
7
True
Bypass traverse checking
8
9
True
True
Change the system time
Create a global objects
10
11
12
13
True
True
True
True
Create a pagefile
Create a token object
Create permanent shared objects
Debug programs
14
True
15
16
17
True
True
True
Deny access to this computer from the
network
Deny logon as a batch job
Deny logon as a service
Deny logon locally
18
19
True
True
20
21
True
True
Deny logon through Terminal Services
Enable computer and user accounts to be
trusted for delegation
Force shutdown from a remote system
Generate security audits
22
True
Impersonate a client after authentication
23
24
True
True
Load and unload device drivers
Log on as a batch job
25
True
Log on as a service
26
True
Log on locally
27
True
Manage auditing and security log
28
True
Take ownership of file or other objects
Administrators
Administrators
LOCAL SERVICE
NETWORK SERVICE
Administrators
Remote Desktop Users
Administrators
Users
Authenticated Users
Administrators
Backup Operators
Everyone
Users
Power Users
Everyone
Administrators
SERVICE
INTERACTIVE
Administrators
Administrators
Authenticated Users
Guest
SUPPORT_388945a0
Guest
SUPPORT_388945a0
ASPNET
ASPNET
Administrators
LOCAL SERVICE
NETWORK SERVICE
Administrators
SERVICE
ASPNET
Administrators
SUPPORT_388945a0
ASPNET
NETWORK SERVICE
ASPNET
Administrators
Backup Operators
Users
Power Users
Guest
Administrators
Authenticated Users
Administrators
Authenticated Users
Should Contain
Should Contain
Should Contain
Expected Value
'Administrators'
Should Contain
Should Contain
'Authenticated Users'
'Administrators'
'Users'
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
'Everyone'
'Administrators'
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
'Administrators'
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
Should Contain
'Administrators'
'Administrators'
25
ANNEXURE D: Software Statistics: Undesired Software List
During our scan we found a list of potentially undesirable software installed on some desktops, details
of which are given below:
Location: (Location/Dept. 1, Location/Dept. 2, Location/Dept. 3, Location/Dept. 4)
Software
Count
µTorrent
11
AceFTP 3 Freeware
1
BitTorrent
8
Core FTP LE 2.1
1
CuteFTP 8 Home
4
CuteFTP 8 Professional
1
Dropbox
4
FileZilla (remove only)
9
FileZilla Client 3.3.2
13
GoToMeeting 4.0.0.320
1
Ipswitch WS_FTP Professional 2007
1
Juniper Networks Secure Meeting 6.3.0
5
Juniper Networks Secure Meeting 7.0.0
1
LeechFTP
1
Picasa 3
25
SmartFTP Client
1
TeamViewer 5
9
TeamViewer 6
21
TightVNC 1.2.9
2
UltraVNC 1.0.8.2
37
UltraVNC v1.0.2
232
VNC 3.3.4
1
VNC Free Edition 4.1.2
64
WebEx
59
WinSCP 4.3.3
3
WinVNC 3.3.3
BlackBerry Desktop Software 6.0
58
BlackBerry Desktop Software 6.0.1
3
BlackBerry® Media Sync
10
Huawei Access Manager
24
HUAWEI Mobile Connect
10
Nokia Ovi Suite
9
Nokia PC Connectivity Solution
8
Nokia PC Internet Access
1
Nokia PC Suite
40
Category
Description
Remote Desktop
/ File sharing
Such software can
allow a remote
party to view and
interact with the
user’s desktops and
transfer files to and
from it.
23
26
Software
Count
nokian73
1
PC Connectivity Solution
50
Photon+ Access Manager 1.0
4
Reliance 3G
5
Reliance Netconnect - Broadband+
158
Reliance Netconnect+
18
Samsung ML-2850 Series
7
Samsung Mobile phone USB driver Software
4
SAMSUNG Mobile USB Modem 1.0 Software
5
SAMSUNG Mobile USB Modem Software
5
Samsung New PC Studio
4
Samsung PC Studio 5
Sony Ericsson PC Suite
1
Sony Ericsson PC Suite 6.011.00
1
TATA Indicom Dialer
6
Tata Photon+
10
Digsby
2
Google Talk (remove only)
73
IP Messenger for Win
1
MSN
31
MSN Messenger 7.5
30
Skype? 5.5
3
Spark 2.5.8
20
Windows Live Messenger
Yahoo! Messenger
Zoosk Messenger
3GP Converter 2010
88
374
1
1
1
3GP Player 2008
2
Acez All Audio Converter v3.0
1
Adobe Media Player
23
Adobe Shockwave Player 11.5
134
Agile iPhone Video Converter
1
AIFF MP3 Converter v3.2 build 977
2
Aiseesoft TS Video Converter
1
All Video Converter 4.3.1
1
Any DVD Converter Professional 3.6.2
1
Apex Video Converter Super 6.39
1
Avro Converter 0.6.0
1
AVS Video Converter 7
1
A-Z Free Video Converter 7.15
1
BitComet FLV Converter 1.0
1
Category
Independent
Internet
Connectivity and
Manager
Description
These utilities can
be used with
respective USB
modem/data card
to bypass your
corporate Internet
Filtering, hence
giving all open
Internet access.
Critical data can be
leaked through this
channel as it is not
monitored.
27
Software
Count
CDA to MP3 Converter v3.2 build 1159
1
dBpowerAMP Music Converter
2
DivX Converter
9
DivX Player
11
DivX Web Player
10
DJ Engine 7.0 Professional
9
Easy Graphic Converter 1.2
1
Easy Image Converter 1.3.2.1
1
Emicsoft FLV Converter
1
Emusic - 50 FREE MP3s from eMusic!
6
FLV Player 1.3.2
FormatFactory 2.50
6
Free 3GP Video Converter version 3.5
2
Free MXF 2 MOV Converter Pro
1
Freez FLV to AVI/MPEG/WMV Converter
1
Freez FLV to MP3 Converter
1
GOM Player
14
iMesh
1
iTunes
77
iWisoft Flash SWF to Video Converter 3.4
1
Media Go
2
Metacafe
1
Microsoft Works 6-9 Converter
8
mp3-2-wav converter 1.14
1
OJOsoft Total Video Converter
2
Pavtube Video Converter version 3.5.1.2345
1
PlayStation(R)Network Downloader
2
PlayStation(R)Store
2
Prism Video File Converter
1
RealPlayer
66
RealPlayer G2
1
Roxio CinePlayer
14
SA31xx Device Manager & Media Converter
1
SmartMovie Converter
1
Total Video Converter 3.10
5
Total Video Player 1.03
1
Video to iPod MP4 PSP 3GP Converter
1
4
VideoLAN VLC media player 0.8.1
100
VideoLAN VLC media player 0.8.5
36
Videora iPhone Converter 5.04
1
VLC media player 1.0.0-rc1
11
Category
Description
Instant
Messaging and
Video
Conferencing
Using instant
messaging software
users can chat and
share data, where
as video
conferencing is use
to provide
customers with
instant multi-user
video conferencing.
28
Software
Count
VLC media player 1.1.2
65
Winamp
9
WinX Free WMV to 3GP Converter 2.0.6
1
Ahead Nero Burning ROM
54
Ahead Nero BurnRights
43
Nero 6 Demo
1
Nero 8 Essentials
1
Nero BurnRights
22
Nero OEM
33
Nero Suite
9
PowerDVD
58
PowerDVD DX
PowerDVD OD
14
Roxio Creator DE
33
Roxio Creator DE 10.3
6
Roxio MyDVD Basic v9
6
Microsoft Network Monitor 3.1
1
Microsoft Network Monitor 3.4
2
Microsoft Network Monitor: Microsoft Parsers 3.2
1
Nmap 5.21
2
Packet Tracer 5.2
1
PRTG Network Monitor
1
SolarWinds IP Address Tracker
1
Wireshark 0.99.5
1
Wireshark 1.4.3
1
Wireshark 1.4.6
1
2in1 Coundition Zero 1.1&Counter-Strike 1.6(build 2738)
7
99 Puzzle and Logic
1
Angry Birds
2
Angry Birds Rio
1
CricketWebPlayer 1.0.1
1
GAME, NET & MATCH!
1
JumpStart Advanced Preschool
1
JumpStart Advanced PreSchool Explore and Learn
1
JumpStart Art for Fun
1
Loco Mania 1.0
1
PacMania 2
1
RoadRash
1
Time of War Demo
1
Apple Mobile Device Support
68
Category
Description
Data Burning
Softwares
It can be used to
transfer critical
data onto devices
such as CD, DVD
Network/Traffic
Monitoring and
Hacking Tools
These softwares
can be used to
gather critical
details such as
network maps,
open ports, OS
vulnerabilities etc,
which can misused
by some malicious
user.
Games
Such software’s can
consume the
network bandwidth
also slowdown the
system
performance
Potential
These programs
11
29
Software
Count
Category
Description
AviSynth 2.5
2
Cain & Abel v4.9.35
1
Unwanted
software
Caricature Studio Green 3.6
1
can install spyware
on the systems on
which they are
installed.
Conduit Engine
21
Internet Download Manager
5
K-Lite Codec Pack 2.63 Standard
18
K-Lite Mega Codec Pack 4.8.5
1
K-Lite Mega Codec Pack 5.6.1
1
Kundli 5.0
1
Kundli for Windows (Lite Edition)
Kundli for Windows v4.5 (Demo)
1
Samsung Kies
2
Wondershare Free YouTube Downloader(Build 1.1.20)
1
YouTube Downloader 2.5.3
2
Youtube Downloader 3.8 (20101109)
2
YouTube Downloader App 2.03
1
1
Note: The above results are based on MIEL’s interpretation, if there are business requirements for any of the
above, they can safely be ignored.
30
31
Frequently Asked Questions (FAQs):
Q What types of checks does the MIEL Endpoint Diagnostic Service cover?
The MIEL Endpoint Diagnostic Service is purely focused on technical checks that relate to security. The
Service covers a large number of security settings such as the audit policy, user rights, password policy,
screen saver policy, antivirus and firewall checks as well as a host of other policies that can be enforced
locally or from a domain controller. The service is capable of checking all the security settings that can
be set using the Windows security policy interface. It also covers additional informational checks that
can give a clearer idea as to the policy compliance of systems. Some of these additional checks include
auditing installed software and monitoring USB storage devices such as external hard drives and pen
drives. We are constantly adding new checks and innovative features that benefit our clients.
Q Will it impede my business in anyway?
The MIEL Endpoint Diagnostic Service performs scans that are non-invasive and do not modify any
settings or data on any systems. The scans do not impact a system's performance and may be
performed during production. Network usage is also extremely efficient, using Microsoft's Windows
Communication Foundation to ensure encrypted results and low utilization of network resources.
Q Does the Service include scans across the geographies that I operate?
MIEL Endpoint Diagnostic Service performs scans across all geographies remotely provided there is
Internet connectivity above 128 Kbps.
Q Can I view at a glance all Non-compliances in my organization?
MIEL Endpoint Diagnostic Service provides comprehensive graphs which depict the state of both
compliance and non-compliance of all the endpoints covered in the scan.
Q Can you provide reports customized to our needs?
MIEL Endpoint Diagnostic Service will customize the report including graphs and executive summary as
per your requirements. Major customizations may be charged additionally.
Q Can MIEL Endpoint Diagnostic Service provide me with an inventory of all the software
running on my endpoints?
Yes, MIEL Endpoint Diagnostic Service can be used to generate a complete software inventory. If you
provide us with your purchased license details, we can co-relate the results of the scan to identify gaps
in license compliance.
Q What is the duration for a typical scan to be completed?
MIEL Endpoint Diagnostic Service performs scans across multiple endpoints in parallel, and the scan
takes around one minute per endpoint. Typically a scan on a hundred endpoints may take up to 15
minutes. The first time a scan is performed, involves setting up the pre-requisites for the service. It is
32
preferable to let the pre-requisites propagate to the maximum number of systems, so scans can be
started on the day after the setup of the pre-requisites.
Q How do I monitor compliance over a period of time?
MIEL Endpoint Diagnostic Service reports offer trend-analysis that indicates the state of compliance over
a period of time.
Q Can I scan against my own existing corporate policies?
Yes, if you provide us with your corporate security policy, we can perform the scan against it.
Q What are the types of compliance covered by the service?
Leveraging MIEL’s experience with auditing against information security standards, MIEL Endpoint
Diagnostic Service covers all major compliances including PCI/DSS, ISO27001, HIPAA, SOX and NIST80053 standards.
Q What hardware do I need to provide?
A single desktop class system can be provided for scanning at each location. Alternatively, VPN
connectivity to the locations to be scanned can be provided.
Q Do I need to install any software on my endpoints?
MIEL Endpoint Diagnostic Service operates on an agent-less model, so no software needs to be installed
on the endpoints to be scanned.
Q Will MIEL Endpoint Diagnostic Service work in a non-domain environment?
MIEL Endpoint Diagnostic Service covers scan of any system which meets the minimum pre-requisites,
regardless of whether it belongs to a domain or not. The domain, however, may make it easier to set
systems up to meet the pre-requisites that are necessary for the scan.
Q How much network bandwidth / CPU time does the Service use?
MIEL Endpoint Diagnostic Service uses a negligible amount of bandwidth. Any corporate intranet or
high-speed Internet connection will suffice. However, it is necessary that the endpoints and the
aggregator are located on the same intranet (or equivalent LAN speed link) to allow the scan to occur.
Q What operating systems does MIEL Endpoint Diagnostic Service support for auditing?
The MIEL Endpoint Diagnostic Service can be used to scan any current Microsoft Windows family of
operating systems from Windows 2000 onwards.
33
34

MEDS – Sample Report - MIEL e

Transcription

Similar documents

Case Study

Global Focus: ABC Family runs New York showcase event

THE WORLD`S THE WORLD`S THE WORLD`S THE WORLD`S

Beyond ABC Activity Book AI

Putting facts at forces` fingertips

Making Sense of it All:

Bisynchronous Communication Module

Lecture 4-6

`NO CUTS TO THE ABC OR SBS`