Information Technology Department Forum of Doha Independent Secondary School for Boys
 System Lockdown Policy

ghostpc



Posts : 85
Member importance : 0
Join date : 18/11/2008

Post subject: System Lockdown Policy   Tuesday, December 02, 2008 1:55 pm

System Lockdown Policy


1.0 Overview :

This system lockdown policy is an internal IT policy and defines a general process that should be used to lock down servers and workstations.

2.0 Purpose :

This policy is designed to minimize risk to organizational resources and data by establishing a process for increasing the security of servers and workstations by stopping unneeded services and testing for vulnerabilities.

3.0 Server Lockdown and Hardening :

This section describes a general process used to lock down servers when they are initially installed and configured. Types of servers or equipment that need hardening include but are not limited to file sharing servers, email servers, Web servers, FTP servers, DNS servers, DHCP servers, Database servers, Domain controllers, Directory servers, Network devices such as firewalls, routers, and switches.

1 - List services that will be required to run on the server. Examples include:

  • DNS

  • HTTP

  • SMTP

  • POP3


2 - List services that are running on the server and turn off any that the administrator is sure are not needed.

3 - Do a port scan on the server - Use a security tool to test and determine any ports that the server is responding to.

4 - Shut down any services that are not on the required list of services for the server. Especially remember to shut down services listed in Appendix A - Services Recommended for Shutdown.

5 - Remove any unnecessary programs, services, and drivers from the server especially those not loaded by default on the server.

6 - Patch the server with the latest patches and patch all services running on the server.

7 - Disable or change the password of any default accounts on the server or related to any operating services.

8 - Be sure all passwords used to access the system or used by services on the system meet minimum requirements including length and complexity parameters.

9 - Be sure all users and services have minimum required rights and do not have rights to items not needed.

10 - Be sure file share and file permissions are as tight as possible.

11 - Perform a vulnerability assessment scan of the server.

12 - Patch or fix any vulnerabilities found.

13 - Where appropriate, install and run additional security programs such as:

  • Anti-virus - Install and perform latest update of software and virus definitions.

  • Firewall

  • Intrusion detection software - Some approved host based intrusion detection software is recommended to be run on all servers.

  • Honeypot

  • Change of system and system files detection


"All this software should have the latest updates installed."

14 - Set security parameters on all software such as where anti-virus programs will scan, how often it will scan, and how often it will get virus definition updates.

15 - Enable audit logging to log any unauthorized access.

16 - Perform another vulnerability assessment scan of the server, and fix any discrepancies.

17 - Take additional account management security measures including :


  • Disable the guest account

  • Rename default administrator accounts

  • Set accounts for minimum possible access

  • Be sure all accounts have passwords meeting minimum complexity and length rules.


18 - Test the server to be sure all desired services are operating properly.

4.0 Enforcement :

Since locking down servers is critical to the security of the organization and everyone, this policy must be enforced by management through review and auditing.

Appendix A - Services Recommended for Shutdown

1. File and Printer Sharing for Microsoft Networks - Uninstallation of this service is recommended. This service is not needed unless you want to share a printer on your local computer or share folders on your local computer with other computers.

2. Messenger - Disable this service in the Services applet of Administrative Tools. This service has some serious security bugs and problems and has very little use for managing the network.

3. Remote registry service - This service should be set to manual or disabled since it allows people from remote locations to modify your registry. It is a serious security risk and should only be run if required by network administrators. Set this service to manual or disabled in the Services applet of Administrative Tools.

4. Secondary Logon service - If it is not necessary for lower privileged users to use the "Run As" command to run commands that only administrators or power users can run, this service should be disabled.

5. Universal Plug and Play Device Host service - It broadcasts unnecessary information about the computer running the service. It may be used by MSN messenger. This service is a high security risk and should be disabled unless dependent services are required.

6. Wireless Zero Configuration service - Used to support wireless connections. If you are not using wireless, this should be disabled. This service is a high security risk and should be disabled unless needed.

7. Computer Browser - For home users and most organizational users, this service can be disabled. Running this service is a moderate security risk.

8. NetMeeting Remote Desktop sharing - A person on a remote computer can access your desktop to help you. This service may be used by network administrators to help users with tasks. Normally this service should be disabled unless needed. Running this service is a moderate security risk.

9. Remote Desktop Help Session Manager service - A person on a remote computer can access your desktop to help you. This service may be used by network administrators to help users with tasks. Normally this service should be disabled unless needed. Running this service is a moderate security risk.

10. Network DDE Service - Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. It allows two running programs to share the same data on the same computer or on different computers. Running this service is a moderate security risk. Normally this service should be disabled unless needed.

11. Network DDE DSDM Service - Manages DDE network shares. Running this service is a moderate security risk. Normally this service should be disabled unless needed.

12. NT LM Security support provider - Used for backward compatibility with older Microsoft operating systems. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual.

13. SSDP Discovery service - Allows the computer to connect with networked plug and play devices on the network. This service does not support internal PnP devices. This service should be disabled unless the computer needs to connect to external networked plug and play devices.

14. Telnet service - The telnet service allows a terminal connection to or from a remote computer but sends passwords in the clear. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual.

15. Terminal services - Allows a remote connection from a remote computer usually used by network administrators to help users. Running this service is a moderate security risk. Normally this service should be disabled unless needed or set to manual. This service is commonly used by system administrators to administer servers remotely.

16. Alerter service - The alerter service allows system administrators to send messages to selected users. This service should be disabled unless specifically needed.

Types of servers that need hardening (This list is not inclusive of all devices that should be hardened):

1. File sharing
2. Email Servers
3. Web servers
4. FTP servers
5. DNS servers
6. DHCP servers
7. Database servers
8. Domain controllers
9. Directory servers
10. Network devices such as firewalls, routers, and switches

For more information about Windows services see
http://www.computersecuritytool.com/windows_services_home.html
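
Steps 1 to 4 of the server procedure, combined with Appendix A, as an added example that is not part of the original post: it reconciles the required-services list with the services found running and the ports that respond. The function names, the TCP port numbers (standard assignments; the check is TCP only, so DNS over UDP is not covered) and the sample service list are assumptions made for the illustration.

```python
import socket

# Step 1: required services (the page's examples) with their standard TCP ports.
REQUIRED = {"DNS": 53, "HTTP": 80, "SMTP": 25, "POP3": 110}

# Appendix A names as the page words them; compared after norm() below.
APPENDIX_A = [
    "File and Printer Sharing for Microsoft Networks", "Messenger",
    "Remote registry service", "Secondary Logon service",
    "Universal Plug and Play Device Host service",
    "Wireless Zero Configuration service", "Computer Browser",
    "NetMeeting Remote Desktop sharing",
    "Remote Desktop Help Session Manager service", "Network DDE Service",
    "Network DDE DSDM Service", "NT LM Security support provider",
    "SSDP Discovery service", "Telnet service", "Terminal services",
    "Alerter service",
]

def norm(name):
    """Lower-case a service name and drop a trailing ' service'."""
    name = name.strip().lower()
    return name[:-len(" service")] if name.endswith(" service") else name

def open_tcp_ports(host, ports, timeout=0.5):
    """Step 3: TCP connect check; returns the ports on host that accept."""
    found = set()
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.add(port)
    return found

def lockdown_report(required, running, observed_ports):
    """Steps 2-4: what to shut down, given the required list."""
    flagged = {norm(n) for n in APPENDIX_A}
    observed = set(observed_ports)
    return {
        "close_ports": sorted(observed - set(required.values())),
        "appendix_a_running": sorted(s for s in running if norm(s) in flagged),
        "required_not_listening": sorted(
            n for n, p in required.items() if p not in observed),
    }

if __name__ == "__main__":
    # Constructed sample: service names as an administrator might list them.
    running = ["Telnet", "Remote Registry", "World Wide Web Publishing"]
    observed = open_tcp_ports("127.0.0.1", [21, 23, 25, 53, 80, 110, 3389])
    print(lockdown_report(REQUIRED, running, observed))
```

Re-running the same report after step 4 gives a quick check for step 18: `required_not_listening` should be empty and the other two lists should have shrunk.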
A.Tamimi
Admin

Posts : 1593
Member importance : 16
Join date : 13/11/2008
Age : 33
Location : Jordan

Post subject: Re: System Lockdown Policy   Friday, December 05, 2008 2:45 pm

M.ALS3OD


Posts : 854
Member importance : 0
Join date : 13/09/2009
Age : 24
Location : AMMAN

Post subject: Re: System Lockdown Policy   Saturday, September 19, 2009 7:29 pm

May you be given good health (thank you)

_________________
There is a signature, but ......