Appendix A-2
Windows NT Server 4.0 Checklist
(Managing Network Vulnerability Assessment, pp. 205–207)

| Security Requirement | Y, N, or N/A | Description of How the Requirement Is or Will Be Met, or Why It Cannot Be Met |
|---|---|---|
| A. Mandatory security configuration settings | | |
| 1. Server must be in a physically secure location | | |
| 2. An Emergency Recovery Disk must be prepared and updated | | |
| 3. Latest service pack and hot fixes must be installed | | |
| 4. Anonymous log-on users must be restricted | | |
| 5. Minimum password age must be set to two (2) days | | |
| 6. Password uniqueness must be set to 24 | | |
| 7. Account must be locked out after 5 attempts | | |
| 8. Lockout duration must be set to 30 minutes | | |
| 9. The NTFS file system must be used (not FAT) | | |
| 10. Standard file system permissions must be replaced by stricter security settings | | |
| 11. The system page file must be wiped during shutdown | | |
| 12. Security logs must be protected (all servers) | | |
| 13. Auditing must be implemented on all NT servers | | |
| B. High-level security configurations (for high-risk systems) | | |
| 1. Floppy disk and CD-ROM drives must be disabled | | |
| 2. Server must be hidden from the network neighborhood and browsing tools | | |
| 3. Administrative shares must be removed | | |
| C. Optional security settings for stronger security | | |
| 1. Disable or minimize caching of log-on credentials | | |
| 2. Rename administrator account; create a user account with the name Administrator but with no rights | | |
| 3. Set boot sequence to start with the hard drive “C” | | |
| 4. Use NTFS for all applications and user data | | |
| 5. Enforce the use of strong passwords (registry portion) by enabling use of the passfilt.dll utility | | |
| 6. Only systems operators will have the privilege to enter the scheduling commands | | |
| 7. Consider limiting the hours when users can log on | | |
| 8. Administrators should not be allowed to log on from the network | | |
| 9. The “Everyone” group should be replaced with “Authenticated Users” | | |
| 10. Saved passwords must be disabled | | |
| 11. Avoid granting “Administration” and “Full Control” permissions to users | | |
| 12. Limit “Change” access to users who need to delete or modify files and directories | | |
| 13. Deny requests for shared accounts | | |
| 14. Encrypt the password database with 128-bit encryption | | |
| 15. Do not grant “Force Shutdown From Remote System” | | |
| 16. Limit “log on locally” on servers to administrators and to server and backup operators only | | |
| 17. Limit “shut down the system” on servers to administrators and server operators only | | |
| 18. Turn off all unneeded network services | | |
| 19. Implement virus protection software | | |
| 20. Force Shutdown from Remote System restricted to Admin. only | | |
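Several of the items above (A.4, A.11, B.2, B.3, C.1, C.5) are stored as registry values, so the "Y/N" column can be filled in mechanically from a registry export rather than by hand. The script below is an added example and is not part of the book's appendix: it parses a regedit export file (.reg) and compares each registry-backed item with the value the checklist requires. The checklist itself names no registry paths; the mapping in CHECKS (RestrictAnonymous, ClearPageFileAtShutdown, Hidden, AutoShareServer, CachedLogonsCount, and PASSFILT in Notification Packages) is the conventional NT 4.0 location for each setting and is an assumption of this example, as is the constructed sample export SAMPLE_REG.

```python
"""Audit a regedit export (.reg) against the registry-backed checklist items.

Added example.  The key/value mapping in CHECKS is the conventional NT 4.0
location for each setting; the checklist itself names no registry paths.
"""
import re

# (checklist item, registry key, value name, required value).  Assumed mapping.
CHECKS = [
    ("A.4  Anonymous log-on users must be restricted",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
     "RestrictAnonymous", 1),
    ("A.11 System page file must be wiped during shutdown",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management",
     "ClearPageFileAtShutdown", 1),
    ("B.2  Server hidden from network neighborhood/browse list",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters",
     "Hidden", 1),
    ("B.3  Administrative shares removed",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters",
     "AutoShareServer", 0),
    ("C.1  Caching of log-on credentials minimized",
     r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "CachedLogonsCount", "0"),             # REG_SZ, so compared as a string
    ("C.5  passfilt.dll enabled (Notification Packages)",
     r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa",
     "Notification Packages", "PASSFILT"),  # REG_MULTI_SZ, entry must be present
]

# Constructed sample export: two items compliant, two non-compliant, one missing.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000001
"Notification Packages"=hex(7):46,00,50,00,4e,00,57,00,43,00,4c,00,4e,00,54,00,00,00,\
  50,00,41,00,53,00,53,00,46,00,49,00,4c,00,54,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="10"
"""


def _unescape(s):
    """Undo the two escapes regedit uses inside quoted names and REG_SZ data."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def decode_value(data):
    """Decode the right-hand side of a 'name=data' line into a Python value.

    REG_SZ -> str, REG_DWORD -> int, hex(7) REG_MULTI_SZ -> list of str,
    hex(2) REG_EXPAND_SZ -> str, hex/hex(n) -> bytes, anything else -> raw str.
    """
    if data.startswith('"') and data.endswith('"'):
        return _unescape(data[1:-1])
    if data.startswith("dword:"):
        return int(data[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if m.group(1) in ("2", "7"):            # Version 5.00 exports are UTF-16LE
            parts = raw.decode("utf-16-le").split("\x00")
            return [p for p in parts if p] if m.group(1) == "7" else parts[0]
        return raw
    return data


def parse_reg(text):
    """Parse .reg text into {key: {value_name: value}}."""
    # A trailing backslash continues a hex value on the next (indented) line.
    joined = re.sub(r",\\\r?\n\s*", ",", text)
    reg, key = {}, None
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            continue                              # malformed line: skip, don't guess
        name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        reg[key][name] = decode_value(m.group(2))
    return reg


def audit(reg):
    """Return [(item, status, actual)]; status is PASS, FAIL or MISSING."""
    results = []
    for item, key, name, required in CHECKS:
        actual = reg.get(key, {}).get(name)
        if actual is None:
            status = "MISSING"                    # absent value: never assume the default is safe
        elif isinstance(actual, list):
            status = "PASS" if required in actual else "FAIL"
        else:
            status = "PASS" if actual == required else "FAIL"
        results.append((item, status, actual))
    return results


if __name__ == "__main__":
    for item, status, actual in audit(parse_reg(SAMPLE_REG)):
        print(f"{status:7} {item}  (actual: {actual!r})")
```

Run against a real export (`regedit /e hklm.reg HKEY_LOCAL_MACHINE`, then `parse_reg(open("hklm.reg").read())`), the script reports PASS/FAIL per item and MISSING where the value is simply absent, so a value left at its default is surfaced for review rather than silently counted as compliant. Items that are user rights, physical controls or procedures (A.1, A.2, C.15, C.16, C.17) do not appear in a registry export and still need a separate check.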