DokuWiki

Site Tools

Trace:
erds:preparing_for_system_audit

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
erds:preparing_for_system_audit [2019/01/15 18:15] administratorerds:preparing_for_system_audit [2019/01/18 01:00] (current) administrator
Line 1: Line 1:
 ===== Preparing For A System Audit ===== ===== Preparing For A System Audit =====
  
-CeRTNA ERDS workstations must pass a security audit prior to processing production level transactions through the CeRTNA ERDS platform. Per the California DOJ Baseline Security Requirements, CeRTNA ERDS workstations must be used only for CeRTNA ERDS activity. The follow topics are designed to help you prepare your workstation so that it will meet the CeRTNA ERDS audit requirements.+CeRTNA ERDS workstations must pass a security audit prior to processing production level transactions through the CeRTNA ERDS platform. An [[guides:workstation_configuration|ERDS & G2G Workstation Setup]] document is available in the secured User Guides section of this Wiki.
  
 +You can contact CeRTNA to obtain a user id and password for accessing the User Guides.
  
-==== Additional Workstation Preparation ==== +The [[guides:workstation_configuration|ERDS G2G Workstation Setup]] document contains detailed information about how to prepare your workstation and prepare it to pass the ERDS workstation/system audit.
- +
- +
-In addition to the hardware recommendations outlined in the [[erds:hw_os_reqs|Hardware OS Requirements]] document, CeRTNA ERDS workstations must also have Anti-Virus/Anti-Malware software installed. +
- +
-== Anti-Virus & Anti-Malware Software == +
- +
-For Windows 7 workstations, CeRTNA recommends the installation of Microsoft Security Essentials, however, other software tools are also acceptable, such as Symantec Endpoint Protection. Microsoft Security Essentials can be downloaded for free from the following URL: +
- +
-[[https://www.microsoft.com/en-us/download/details.aspx?id=5201]] +
- +
-For Windows 10 workstations, Microsoft Security Essentials is built into the operating system in the form of a product named Windows Defender. As with Windows 7 workstations, other products such as Symantec Endpoint Protection are also acceptable. +
- +
-== Microsoft Baseline Security Analyzer (MBSA) == +
- +
-The CeRTNA ERDS workstation audit will require a clean Microsoft Baseline Security Analyzer (MBSA) report. The Microsoft Baseline Security Analyzer 2.3 (MBSA) software can be downloaded from the following URL: +
- +
-[[https://admin.certna.org/Downloads/MBSA23x64.zip]] +
- +
-Once you have downloaded and installed the MBSA software, run the Microsoft Baseline Security Analyzer (MBSA) and scan the ERDS workstation. Resolve any items that are flagged on the MBSA scan. +
- +
- +
-==== System Audit ==== +
- +
- +
-During your system audit, you will be asked to perform the following tasks as an Administrator to show that the CeRTNA ERDS workstation meets the workstation security configuration requirements: +
- +
- +
-=== Run/review MSBSA 2.3 output. Validate clean report === +
- +
- +
-  * __Record output__ +
- +
- +
-=== Validate System Properties === +
- +
- +
-Path: Control Panel\System +
- +
-  * Windows 10 operating system with 8.00 GB RAM (minimum) +
-  * or +
-  * Windows 7 (x86 or x64) operating system with 4.0 GB RAM (minimum) +
- +
-  * __Record output__ +
- +
- +
-{{page>[:erds:local_system_settings&noheader&noindent&nofooter&nouser&nodate&noeditbtn&nopermalink]}} +
- +
- +
-=== Microsoft Security Essentials (Win7) or Windows Defender (Win10) === +
- +
-If you are using Windows 7 Security Essentials or Windows 10 Defender, you will need to have your anti-virus and anti-malware settings enabled. If you are using a 3rd party product, such as Symantec Endpoint Protection or AVG Anti-Virus protection, you will need to show the auditor equivalent settings that show that the computer is being protected with anti-virus/anti-malware software, the version information for the software and the virus definition files, the scan frequency, and a history showing the scans are being performed. +
- +
-The administration UI for Windows 10 Defender settings is significantly different than the UI for Windows 7 Security Essentials. As such, the configuration and verification of each of these environments must be documented separately to achieve the same end goals as they relate to Virus Protection and Scan Settings. +
- +
- +
-=== Windows 7 Security Essentials Settings === +
- +
-To manage the Windows 7 Security Essentials settings, launch the Microsoft Security Essentials from the Windows 7 Start menu (button). The following settings can be reviewed/updated from the Settings tab on the Security Essentials UI. +
- +
- +
-Settings/Scheduled scan +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Run a scheduled scan on my computer. | Daily/Full scan | +
-| Check for the latest virus & spyware definitions before running a scheduled scan. | Selected | +
-| Start the scheduled scan only when my computer is on but not in use. | Selected | +
- +
- +
-Settings/Default actions +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| All alert levels set to "Recommended action". | Selected | +
-| Apply recommended actions. | Enabled | +
- +
- +
-Settings/Real-time protection +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Turn on real-time protection. | Selected | +
- +
- +
-Settings/Excluded files and locations, Settings/Excluded file types, Settings/Excluded processes are all optional settings that are not required for the audit. +
- +
- +
-Settings/Advanced +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Scan archive files. | Selected | +
-| Scan removable drives. | Selected | +
-| Create a system restore point. | Selected | +
-| Allow all users to view the full History results. | Selected | +
- +
- +
-Settings/MAPS (Microsoft SpyNet) +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Advanced membership. | Selected | +
- +
- +
-Validate Screen Saver Settings: +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Screen saver: Wait time. | 10 minutes | +
-| Screen saver: On resume, display logon screen. | Selected | +
- +
- +
-=== Windows 10 Defender Settings === +
- +
- +
-To manage the Windows 10 Defender settings, launch the Windows Defender Security Center. You can click the Start menu button and then start typing Windows Defender Security Center and as you type you will see the program listed in the filtered search list. Click the Windows Defender Security Center app to start the applicaton. +
- +
- +
-Option: Virus & Threat Protection / Threat History +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Confirm files are being scanned. | Note Last Scan Date | +
- +
- +
-Option: Virus & Threat Protection / Virus & threat protection settings +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Real-time protection. | On | +
-| Cloud-delivered protection. | On | +
-| Automatic sample submission. | Optional | +
-| Controlled folder access. (Default: None) | Optional | +
-| Exclusions. (Default: None) | Optional | +
-| Notifications | All On & Checked | +
- +
- +
-Option: Virus & Threat Protection / Virus & threat protection updates +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Threat definition version. | Current | +
-| Version created on. | Current | +
-| Last update. | Current | +
- +
- +
-Option: Virus & Threat Protection / Ransomware Protection +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Controlled folder access. | On | +
- +
- +
-Option: Firewall & Network Protection: (Default inbound/outbound rules are sufficient.) +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Domain network. | On | +
-| Private network. | On | +
-| Public network. | On | +
- +
- +
-The following options are not managed in the Windows Defender Security Center +
- +
- +
-From the Start Menu, type Settings to launch the Windows Settings app. +
- +
- +
-Option: Personalization / Lock screen / Screen saver settings +
- +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Screen Saver: Wait time. | 10 minutes | +
-| Screen Saver: On resume, display logon screen. | On | +
- +
- +
-The following configuration item is still under review because it is only achievable using the gpedit console. +
- +
-{{tablelayout?colwidth="300px,300px"&rowsFixed=1&rowsVisible=10&float=center}} +
-^ Setting ^ Value ^ +
-| Scan archive files. | On | +
-| Scan removable drives. | On | +
-| Create a system restore point. | On | +
-| Allow all users to view the full History reports. | On |+
  
  
erds/preparing_for_system_audit.1547576143.txt.gz · Last modified: by administrator