Investigations are grouped into easy-to-understand topics,
eliminating the complex jargon often associated with security systems
and reviews.
Passwords - Investigates whether password structures are in line
with desired standards, and tests the strength of passwords to ensure
that accounts cannot be easily compromised.
- Are there user accounts that do not require a password?
- Which passwords do not meet the minimum length requirements of the
corporate policy?
Identification - Investigates whether account structures provide
unique identification of users and their actions.
- Are there any dormant accounts that may provide an unmonitored access
point into the system?
- Who are the system administrators?
Logon - Investigates whether logon processes and access paths
into the system offer appropriate resources to the user.
- Have the user accounts of leavers been disabled?
- Are users guided into the system by standard scripts that set the
environment?
Access Times - Investigates whether the days and times available
for system access are in line with the user's business needs.
- Can users log in at weekends?
- Which users can log in after normal working hours?
Privileges - Investigates whether the allocation of special
system privileges is restricted to the set of users with specific
support requirements.
- Is the allocation of privileges that override security controls
restricted to system administrators?
User Option Flags - Investigates whether the allocation of logon
options sets an appropriate environment for the user.
- Are users restricted from breaking out of the login script and
accessing the command line?
- Are messages displayed informing potential users that unauthorised
access is an offence?
File Systems - Investigates whether the use of file permissions
provides appropriate restrictions on access to system resources.
- Is access to sensitive system files and directories removed from
standard users?
System Values - Investigates whether registry settings and other
global security settings provide appropriate restrictions on access to
system resources.
- Is the registry configured to enforce the recommendations of the latest
Microsoft security bulletins?
- Do default password settings comply with the corporate security
policy?
For more information about Security Detective please complete our contact
form.