Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

very low score on security test using Belarac Advisor How can i improve it

  • 04-02-2007 8:59pm
    #1
    Registered Users, Registered Users 2 Posts: 624 ✭✭✭


    i.e beef up my security settings on computer

    http://www.belarc.com/free_download.html

    scored a measly 3.13 on the CIS benchmark test

    anybody got any suggestions on what steps to take to improve it, i tried going thru their pdfs on this but got lost and would be scared of causing irrepairable damage

    snapshot of test below:o


    Current Service Pack Section Score: 1.25 of 1.25
    1. Latest Service Pack

    Critical and Security Hotfixes Section Score: 1.25 of 1.25
    1. Latest Critical and Security Hotfixes

    Account and Audit Policies
    Password Policies Section Score: 0.00 of 0.83
    1. Current Password Ages
    2. Minimum Password Length

    Audit and Account Policies Section Score: 0.00 of 0.83
    1. Audit Account Logon Events
    2. Audit Account Management
    3. Audit Logon Events
    4. Audit Object Access
    5. Audit Policy Change
    6. Audit Privilege Use
    7. Audit System Events
    8. Minimum Password Age
    9. Maximum Password Age
    10. Password Complexity
    11. Store Passwords using Reversible Encryption
    12. Password History Size
    13. Account Lockout Duration
    14. Account Lockout Threshold
    15. Reset Account Lockout Count Time

    Event Log Policies Section Score: 0.00 of 0.83
    1. Application Event Log: Maximum Size
    2. Application Event Log: Restrict Guest Access
    3. Security Event Log: Maximum Size
    4. Security Event Log: Restrict Guest Access
    5. System Event Log: Maximum Size
    6. System Event Log: Restrict Guest Access

    Security Settings
    Anonymous Account Restrictions Section Score: 0.00 of 0.83
    1. Network Access: Allow Anonymous SID/Name Translation
    2. Network Access: Do not allow Anonymous Enumeration of SAM Accounts
    3. Network Access: Do not allow Anonymous Enumeration of SAM Accounts and Shares

    Security Options Section Score: 0.00 of 0.83
    1. Accounts: Guest Account Status
    2. Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only
    3. Accounts: Rename administrator account
    4. Accounts: Rename guest account
    5. Devices: Allowed to format and eject removable media
    6. Devices: Unsigned Driver Installation Behavior
    7. Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)
    8. Domain Member: Digitally Encrypt Secure Channel Data (When Possible)
    9. Domain Member: Digitally Sign Secure Channel Data (When Possible)
    10. Domain Member: Disable Machine Account Password Changes
    11. Domain Member: Maximum Machine Account Password Age
    12. Interactive Logon: Do Not Display Last User Name
    13. Interactive Logon: Do Not Require CTRL+ALT+DEL
    14. Interactive Logon: Message Text for Users Attempting to Log On
    15. Interactive Logon: Message Title for Users Attempting to Log On
    16. Interactive Logon: Number of Previous Logons to Cache
    17. Interactive Logon: Prompt User to Change Password Before Expiration
    18. Interactive Logon: Smart Card Removal Behavior
    19. Microsoft Network Client: Digitally Sign Communication (if server agrees)
    20. Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server
    21. Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session
    22. Microsoft Network Server: Digitally Sign Communication (if client agrees)
    23. Microsoft Network Server: Disconnect Clients When Logon Hours Expire
    24. Network Access: Let Everyone Permissions Apply to Anonymous Users
    25. Network Access: Shares that can be accessed anonymously
    26. Network Access: Sharing and Security Model for Local Accounts
    27. Network Security: LAN Manager Authentication Level
    28. Network Security: LDAP Client Signing Requirements
    29. Recovery Console: Allow Automatic Administrative Log On
    30. Shutdown: Allow System to be Shut Down Without Having to Log On
    31. Shutdown: Clear Virtual Memory Pagefile
    32. System Objects: Default Owner for Objects Created by Members of the Administrators Group

    Additional Security Settings Section Score: 0.00 of 0.83
    1. Suppress Dr. Watson Crash Dumps
    2. Disable Automatic Execution of the System Debugger
    3. Disable Autoplay from any Disk Type, Regardless of Application
    4. Disable Autoplay from the Default Profile
    5. Disable Automatic Logon
    6. Disable Automatic Reboots After a Blue Screen of Death
    7. Disable CD Autorun
    8. Protect Against Computer Browser Spoofing Attacks
    9. Protect Against Source-routing Spoofing
    10. Protect the Default Gateway Network Setting
    11. Ensure ICMP Routing via Shortest Path First
    12. Help Protect Against Packet Fragmentation
    13. Manage Keep-alive Times
    14. Protect Against Malicious Name-release Attacks
    15. Ensure Router Discovery is Disabled
    16. Protect Against SYN Flood Attacks
    17. SYN Attack Protection - Manage TCP Maximum Half-open Sockets
    18. SYN Attack Protection - Manage TCP Maximum Half-open Retired Sockets
    19. Enable IPSec to Protect Kerberos RSVP Traffic
    20. Hide Workstation from Network Browser Listing
    21. Enable Safe DLL Search Mode

    Available Services and Other Requirements
    Available Services Section Score: 0.00 of 0.63
    1. Alerter Service Permissions
    2. Clipbook Service Permissions
    3. FTP Publishing Service Permissions
    4. IIS Admin Service Permissions
    5. Messenger Service Permissions
    6. NetMeeting Remote Desktop Sharing Service Permissions
    7. Remote Desktop Help Session Manager Permissions
    8. Routing and Remote Access Service Permissions
    9. SMTP Service Permissions
    10. SNMP Service Permissions
    11. SNMP Trap Permissions
    12. Telnet Service Permissions
    13. World Wide Web Publishing Services Permissions

    User Rights Section Score: 0.00 of 0.63
    1. Access this Computer from the Network
    2. Act as Part of the Operating System
    3. Allow Logon through Terminal Services
    4. Back up Files and Directories
    5. Bypass Traverse Checking
    6. Change the System Time
    7. Create a Pagefile
    8. Create a Token Object
    9. Create Permanent Shared Objects
    10. Debug Programs
    11. Deny Access to this Computer from the Network
    12. Force Shutdown from a Remote System
    13. Generate Security Audits
    14. Increase Scheduling Priority
    15. Load and Unload Device Drivers
    16. Lock Pages in Memory
    17. Log on Locally
    18. Manage Auditing and Security Log
    19. Modify Firmware Environment Values
    20. Perform Volume Maintenance Tasks
    21. Profile Single Process
    22. Profile System Performance
    23. Remove Computer from Docking Station
    24. Replace a Process Level Token
    25. Restore Files and Directories
    26. Shut Down the System
    27. Take Ownership of File or Other Objects

    Other System Requirements Section Score: 0.63 of 0.63
    1. All Local Volumes NTFS
    2. Restricted Group: Remote Desktop Users

    File and Registry Permissions Section Score: 0.00 of 0.63
    1. Permissions for HKLM\software\microsoft\windows\currentversion\installer
    2. Permissions for HKLM\software\microsoft\windows\currentversion\policies
    3. Permissions for HKLM\system\currentcontrolset\enum
    4. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    5. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    6. Permissions for USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
    7. Permissions for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
    8. Permissions for %SystemRoot%\system32\tlntsvr.exe
    9. Permissions for %SystemRoot%\system32\tftp.exe
    10. Permissions for %SystemRoot%\system32\telnet.exe
    11. Permissions for %SystemRoot%\system32\subst.exe
    12. Permissions for %SystemRoot%\system32\sc.exe
    13. Permissions for %SystemRoot%\system32\runas.exe
    14. Permissions for %SystemRoot%\system32\rsh.exe
    15. Permissions for %SystemRoot%\system32\rexec.exe
    16. Permissions for %SystemRoot%\system32\regsvr32.exe
    17. Permissions for %SystemRoot%\system32\regedt32.exe
    18. Permissions for %SystemRoot%\regedit.exe
    19. Permissions for %SystemRoot%\system32\reg.exe
    20. Permissions for %SystemRoot%\system32\rcp.exe
    21. Permissions for %SystemRoot%\system32\netsh.exe
    22. Permissions for %SystemRoot%\system32\net1.exe
    23. Permissions for %SystemRoot%\system32\net.exe
    24. Permissions for %SystemRoot%\system32\ftp.exe
    25. Permissions for %SystemRoot%\system32\eventtriggers.exe
    26. Permissions for %SystemRoot%\system32\eventcreate.exe
    27. Permissions for %SystemRoot%\system32\edlin.exe
    28. Permissions for %SystemRoot%\system32\drwtsn32.exe
    29. Permissions for %SystemRoot%\system32\drwatson.exe
    30. Permissions for %SystemRoot%\system32\debug.exe
    31. Permissions for %SystemRoot%\system32\cacls.exe
    32. Permissions for %SystemRoot%\system32\attrib.exe
    33. Permissions for %SystemRoot%\system32\at.exe


Comments

  • Closed Accounts Posts: 7,145 ✭✭✭DonkeyStyle \o/


    I scored 0.63 of 10, go me!
    I'm not in the slightest bit worried though looking at their criteria.
    By the looks of it; if you want to improve your score, I'd suggest opening gpedit.msc or secpol.msc and turning everything on.
    Though personally I wouldn't bother.


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    Is it your Personal PC or a work server type?


  • Registered Users, Registered Users 2 Posts: 624 ✭✭✭beolight


    its a dell precision 490,a workstation pc it is connected up to home network

    im using it as my personal pc


  • Registered Users, Registered Users 2 Posts: 3,093 ✭✭✭Static M.e.


    As DonkeyStyle said
    By the looks of it; if you want to improve your score, I'd suggest opening gpedit.msc or secpol.msc and turning everything on.
    Though personally I wouldn't bother.

    You can turn on (or Off) all the security policys, move the tools and edit the registry but (IMO) the advantage that you will have more secure PC Vs the trouble and fustration you could potentially cause yourself wouldn't be worth it.

    Keep your PC uptodate with Patchs etc, install a Firewall + AV, backup your data and takes images and you will be fine.

    I can tell you exactly how to get your score up if you wish but..think about it first before you do it, it will be alot harder to change back.


Advertisement