操作系统安全评估检查表-Windows.doc

Four short words sum up what has lifted most successful individuals above the crowd: a little bit more.-author-date操作系统安全评估检查表-WindowsWindows主机评估检查表操作系统审计检查表 WINDOWS 安全审核被审核部门审核人员审核日期陪同人员序号审核项目审核步骤/方法审核结果补充说明改进建议1补丁安装情况2主要帐户策略审查密码长度最少8位，密码周期最长为90天3审核策略对所有帐户登录事件进行审核对所有的帐户管理事件进行审核对所有登录事件进行审核审核失败访问的组件对策略更改事件进行审核审核失败的特权事件审核所有系统事件4帐户策略最小密码历史： 1天最长密码周期: 90 天最小密码长度: 8个字符密码复杂度: Enabled密码历史: 24 Passwords Remembered存储的密码是否可用于可逆加密： Disabled5帐户锁定策略帐户锁定周期: 15 Minutes (minimum)帐户锁定条件: 3 次失败登录复位时间: 15 Minutes (minimum)6事件日志审核对于系统、安全、应用系统日志，审核下面的项目：最大日志容量: 80 Mb (minimum)限制GUEST帐户访问日志: Enabled日志保持方法： “必要时候重写日志”7主要安全设置审核对外在的匿名用户禁止访问。8安全选项允许系统在未登录前关闭计算机：Disabled允许格式化和弹出可移动媒体： AdministratorsAmount of Idle Time Required Before Disconnecting Session: 30 Minutes (maximum)在超过登录时间后强制注销： Enabled系统关闭时清除虚存页面文件： Enabled数字签名客户端通信（如可能）：Enabled数字签名服务器端通信（如可能）：Enabled不需要按 CTRL+ALT+Delete 登录取： Disabled不显示上次登录的用户名： EnabledLAN Manager Authentication 标准l: “Send NTLMv2 response only” (最少)用户登录时显示的消息文字： Custom Message or “This system is for the use of authorized users only.用户登录时显示的消息标题： “Warning:” or custom title.可被缓存保存的前次登录个数： 0禁止用户安装打印驱动: Enabled在密码到期前多少天提示用户更改密码: 14 Days (minimum)恢复控制台（允许自动管理级登录）： Disabled恢复控制台（允许对所有的驱动器和文件夹进行软盘拷贝和访问）： Disabled重命名管理员帐户：除Administrator外的其它任何名称重命名Guest 帐户：除GUEST外的其它任何名称限制只有本地登录用户才允许访问软盘： Enabled对安全通道数据进行数字加密(如可能): Enabled对安全通道数据进行数字签名（如可能）： Enabled发送为加密的密码连接第三方 SMB 服务器：Disabled智能卡移除操作：“锁定工作站” 3.2.1.36 Strengthen Default Permissions of Global System Objects (e.g. Symbolic Links): Enabled对未经过签名的驱动安装行为 ： “警告, 但允许安装” 或者 “不允许安装”.9注册表安全设置审核10审核服务Alerter DisabledClipbook DisabledComputer Browser DisabledFax Service DisabledFTP Publishing Service Disabled Warning: 将 禁止 FTP 服务IIS Admin Service Disabled Warning: This will disable Internet Information Services!Internet Connection Sharing DisabledMessenger DisabledNetMeeting Remote Desktop Sharing DisabledRemote Registry Service DisabledRouting and Remote Access DisabledSimple Mail Transfer Protocol (SMTP) Disabled Warning: 禁止在 IIS Servers上的SMTP服务。Simple Network Management Protocol (SNMP) Service DisabledSimple Network Management Protocol (SNMP) Trap DisabledTelnet Disabled World Wide Web Publishing Services Disabled Warning: 将禁止 Internet Information Services!Automatic Updates Not DefinedBackground Intelligent Transfer Service Not Defined11用户权利审核从网络访问此计算机: Users, Administrators (or none)4.2.2 Act as part of the operating system: None增加工作站到域：Not applicable备份文件和目录: Administrators4.2.5 Bypass traverse checking: Users更改系统时间: Administrators创建页面文件： Administrators创建全局对象： None创建永久共享对象： None诊断程序： None拒绝从网络访问此计算机： Guests拒绝作为批处理进行登录： None by default (others allowable as appropriate) Not Defined拒绝作为服务登录： None by default (others allowable as appropriate) Not Defined拒绝本地登录: None by default (others allowable as appropriate) Not Defined从远端强制关机：Administrators管理和审核安全日志： None增加内存配额： Administrators增加进度优先级Administrators安装和卸载设备驱动程序：Administrators内存中锁定页： None作为批作业登录：None (“Not Defined”)作为服务登录：None (“Not Defined”)本地登录：Administrators (other specific users allowable)管理审核和安全日志： Administrators更改防火墙环境选项：Administrators配置单一进程： Administrators配置系统性能： Administrators从插接工作站中取出计算机： Administrators替换进程级记号： None恢复文件和目录： Administrators关闭系统： Administrators同步目录服务数据：Not Applicable取得文件和其他对象的所有权：Administrators12其他系统需求确保磁盘卷为 NTFS文件系统。建议使用NTFS文件系统13文件权限%SystemDrive% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List %SystemDrive%autoexec.bat Administrators: Full; System: Full%SystemDrive%boot.ini Administrators: Full; System: Full%SystemDrive%config.sys - Administrators: Full; System: Full%SystemDrive%io.sys Administrators: Full; System: Full%SystemDrive%msdos.sys Administrators: Full; System: Full%SystemDrive%ntbootdd.sys - Administrators: Full; System: Full%SystemDrive% Administrators: Full; System: Full%SystemDrive%ntldr - Administrators: Full; System: Full%SystemDrive%Documents and Settings Administrators: Full; System: Full; Users: Read and Execute, List%SystemDrive%Documents and SettingsAdministrator Administrators: Full; System: Full%SystemDrive%Documents and SettingsAll Users Administrators: Full; System: Full; Users: Read and Execute,List%SystemDrive%Documents and SettingsAll UsersDocuments DrWatson Administrators: Full; System: Full;Creator Owner: Full; Users: Traverse Folder/Execute File, List Folder/Read Data, Read Attributes, Read ExtendedAttributes, Read Permissions (This folder, subfolders, and files); Users: Traverse Folder/Execute Files, CreateFiles/Write Data, Create Folder/Append Data (Subfolders and files only)%SystemDrive%Documents and SettingsDefault User Administrators: Full; System: Full; Users: Read and Execute, List%SystemDrive%System Volume Information (Do not allow permissions on this folder to be replaced)%SystemDrive%Temp - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/ExecuteFiles, Create Files/Write Data, Create Folders/Append Data%ProgramFiles% - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List%SystemDrive%Program FilesResource Kit Administrators: Full; System: Full%SystemRoot% Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List%SystemRoot%$NtServicePackUninstall$ Administrators: Full; System: Full%SystemRoot%CSC Administrators: Full; System: Full%SystemRoot%Debug - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List%SystemRoot%DebugUserMode - Administrators: Full; System: Full; Users: Traverse Folder/Execute File, Listfolder/Read data, Create files/Write data (This folder, only); Create files/Write data, Create folders/Append data(Files only)%SystemRoot%Offline Web Pages (Do not allow permissions on this key to be replaced)%SystemRoot%Registration - Administrators: Full; System: Full; Users: Read%SystemRoot%repair - Administrators: Full; System: Full%SystemRoot%security - Administrators: Full; System: Full; Creator Owner: Full%SystemRoot%system32 - Administrators: Full; System: Full; Creator Owner: Full; Users: Read and Execute, List%SystemRoot%system32at.exe Administrators: Full; System: Full4.4.1.30 %SystemRoot%system32Ntbackup.exe Administrators: Full; System: Full4.4.1.31 %SystemRoot%system32rcp.exe Administrators: Full; System: Full4.4.1.32 %SystemRoot%regedit.exe Administrators: Full; System: Full%SystemRoot%system32regedt32.exe Administrators: Full; System: Full%SystemRoot%system32rexec.exe Administrators: Full; System: Full%SystemRoot%system32rsh.exe Administrators: Full; System: Full%SystemRoot%system32secedit.exe Administrators: Full; System: Full%SystemRoot%system32appmgmt Administrators: Full; System: Full; Users: Read and Execute, List%SystemRoot%config Administrators: Full; System: Full%SystemRoot%system32dllcache Administrators: Full; System: Full; Creator Owner: Full%SystemRoot%system32DTCLog - Administrators: Full; System: Full; Creator Owner: Full; Users: Read andExecute, List%SystemRoot%system32GroupPolicy - Administrators: Full; System: Full; Authenticated Users: Read andExecute, List%SystemRoot%system32ias - Administrators: Full; System: Full; Creator Owner: FullThe Center for Internet SecurityWindows 2000 Server - Level 2 Benchmark for Stand-Alone and Domain-Member ServersPage 18 of 56%SystemRoot%system32NTMSData Administrators: Full; System: Full%SystemRoot%system32reinstallbackups Administrators: Full; System: Full; Creator Owner: Full%SystemRoot%system32Setup Administrators: Full; System: Full; Users: Read and Execute, List%SystemRoot%system32spoolprinters Administrators: Full; System: Full; Creator Owner: Full; Users:Traverse Folder, Execute File, Read, Read Extended Attributes, Create folders, Append Data%SystemRoot%Tasks - (Do not allow permissions on this key to be replaced)%SystemRoot%Temp - Administrators: Full; System: Full; Creator Owner: Full; Users: Traverse Folders/ExecuteFiles, Create Files/Write Data, Create Folders/Append Data14文件和注册表审核%SystemDrive% - Everyone: Failures (this folder, propagate inheritable permissions to all subfolders and files)HKLMSoftware Everyone: Failures (this key, propagate inheritable permission to all subkeys)HKLMSystem Everyone: Failures (this key, propagate inheritable permission to all subkeys)15注册表权限HKLMSoftwareClasses - Administrators: Full; System: Full; Creator Owner: Full; Users: ReadHKLMSoftware Administrators Full; System: Full; Creator Owner: Full; Users: ReadHKLMSoftwareMicrosoftNetDDE Administrators: Full; System: FullHKLMSoftwareMicrosoftOS/2 Subsystem for NT Administrators: Full; System: Full; Creator Owner: FullHKLMSoftwareMicrosoftWindows NTCurrentVersionAsrCommands Administrators: Full; System: Full;Creator Owner: Full; Users: Read; Backup Operators: Query Value, Set Value, Create Subkey, EnumerateSubkeys, Notify, Delete, Read (this key and subkeys)HKLMSoftwareMicrosoftWindows NTCurrentVersionPerflib Administrators: Full; System: Full; CreatorOwner: Full; Interactive: Read (this key and subkeys)HKLMSoftwareMicrosoftWindowsCurrentVersionGroup Policy - Administrators: Full; System: Full;Authenticated Users: ReadHKLMSoftwareMicrosoftWindowsCurrentVersionInstaller - Administrators Full; System: Full; Users: ReadHKLMSoftwareMicrosoftWindowsCurrentVersionPolicies - Administrators: Full; System: Full; AuthenticatedUsers: ReadHKLMSystem - Administrators Full; System: Full; Creator Owner: Full; Users: ReadHKLMSystemClone Allow inheritable permissions to propagate to this objectHKLMSystemControlSet001 - Administrators Full; System: Full; Creator Owner: Full; Users: ReadHKLMSystemControlSet00x - Administrators Full; System: Full; Creator Owner: Full; Users: Read* Apply these permissions to all control sets other than CurrentControlSet.HKLMSystemCurrentControlSetControlSecurePipeServersWinReg Administrators: Full; System: Full; BackupOperators: Query Value, Enumerate Subkeys, Notify, Read Permissions (this key only)HKLMSystemCurrentControlSetControlWMISecurity Administrators: Full; System: Full; Creator Owner: Full(this key and subkeys)HKLMSystemCurrentControlSetEnum - Administrators Read; System: Full; Authenticated Users: Read (Do notallow permissions on this key to be replaced)HKLMSystemCurrentControlSetHardware Profiles Administrators Full; System: Full; Creator Owner: Full;Users: ReadHKLMSystemCurrentControlSetServicesSNMPParametersPermittedManagers - Administrators Full; System: Full;Creator Owner: FullHKLMSystemCurrentControlSetServicesSNMPParametersValidCommunities - Administrators Full; System: Full;Creator Owner: FullHKU.Default - Administrators Full; System: Full; Creator Owner: Full; Users: ReadHKU.DefaultSoftwareMicrosoftNetDDE - Administrators Full; System: FullHKU.DefaultSoftwareMicrosoftProtected Storage System Provider No entries将管理访问注册表权限设置到最高，其他用户不拥有此权限访问，修改注册表-