Site Tools


erds:preparing_for_system_audit

This is an old revision of the document!


Preparing For A System Audit

CeRTNA ERDS workstations must pass a security audit prior to processing production level transactions through the CeRTNA ERDS platform. Per the California DOJ Baseline Security Requirements, CeRTNA ERDS workstations must be used only for CeRTNA ERDS activity. The follow topics are designed to help you prepare your workstation so that it will meet the CeRTNA ERDS audit requirements.

Additional Workstation Preparation

In addition to the hardware recommendations outlined in the Hardware & OS Requirements document, CeRTNA ERDS workstations must also have Anti-Virus/Anti-Malware software installed.

For Windows 7 workstations, CeRTNA recommends the installation of Microsoft Security Essentials, however, other software tools are also acceptable, such as Symantec Endpoint Protection. Microsoft Security Essentials can be downloaded for free from the following URL:

https://www.microsoft.com/en-us/download/details.aspx?id=5201

For Windows 10 workstations, Microsoft Security Essentials is built into the operating system in the form of a product named Windows Defender. As with Windows 7 workstations, other products such as Symantec Endpoint Protection are also acceptable.

The CeRTNA ERDS workstation audit will require a clean Microsoft Baseline Security Analyzer (MBSA) report. The Microsoft Baseline Security Analyzer 2.3 (MBSA) software can be downloaded from the following URL:

https://www.microsoft.com/en-us/download/details.aspx?id=7558

Once you have downloaded and installed the MBSA software, complete the following tasks:

  • Rename the Administrator account on the CeRTNA ERDS workstation.
  • Create individual user accounts (non-admin) for the users that are or will be authorized to use
  • the CeRTNA ERDS workstation.
  • Disable the local Guest account.
  • Ensure the anti-virus/anti-malware software is active.
  • As an Administrator run the MBSA 2.2 software and clear all issues. (Exceptions)

System Audit

During your system audit, you will be asked to perform the following tasks as an Administrator to show that the CeRTNA ERDS workstation meets the workstation security configuration requirements:

Run/review MSBSA 2.2 output. Validate clean report (exceptions)

  • Record output

Validate System Properties

Path: Control Panel\System

  • Windows 10 operating system with 8.00 GB RAM (minimum)
  • or
  • Windows 7 (x86 or x64) operating system with 4.0 GB RAM (minimum)
  • Record output

Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Password Policy

Setting Value
Enforce password history 5
Maximum password age 30
Minimum password age 1
Minimum password length 8
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled

Path: Control Panel\Administrative Tools\Local Security Policy\Account Policies\Account Lockout Policy

Setting Value
Account lockout duration 60 mins
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 60 mins

Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Audit Policy

  • Select all items for audit of success and failure.

Path: Control Panel\Administrative Tools\Local Security Policy\Local Policies\Security Options (s=

Setting Value
Accounts:Guest account status Disabled
Accounts:Rename administrator account {New Name}
Accounts:Rename administrator account {New Name}

Path (Win10): Control Panel\System and Security\Windows Defender Firewall\Customize Settings (See note)

Setting Value
Private network settings Turn on Windows Defender Firewall
Public network settings Turn on Windows Defender Firewall

Path (Win7): Control Panel\System and Security\Windows Firewall\Customize Settings (See note)

Setting Value
Private network settings Turn on Windows Firewall
Public network settings Turn on Windows Firewall

Note: CeRTNA does not require any custom firewall rules to be applied. The only requirement is that a local workstation based firewall is enabled with the default settings. Organizations that have a product like Symantec Endpoint Protection will use the Symantec Endpoint Protection firewall, which will disable the Windows Firewall. Regardless of the local firewall that is used, you will need to show the auditor that the firewall for private and public networks is enabled.

Path (Win10):System\Windows Update

By default Windows 10 Updates are enabled. Verify the Windows Update History to show that the updates are being applied.

Path (Win7):System\Windows Update

Setting Value
Install updates automatically Selected
Install new updates every day Selected
Allow all users to install updates on this computer Selected

Control Panel\All Control Panel Items\Power Options\System Settings

Setting Value
Require a password on wakeup Selected

Path (Win10):Settings\Lock Screen\Screen saver settings

Setting Value
On resume, display logon screen Enabled

Microsoft Security Essentials (Win7) or Windows Defender (Win10)

If you are using Windows 7 Security Essentials or Windows 10 Defender, you will need to have your anti-virus and anti-malware settings enabled. If you are using a 3rd party product, such as Symantec Endpoint Protection or AVG Anti-Virus protection, you will need to show the auditor equivalent settings that show that the computer is being protected with anti-virus/anti-malware software, the version information for the software and the virus definition files, the scan frequency, and a history showing the scans are being performed.

Windows 10 Defender Settings

To review the Windows 10 Defender settings:

Open the Windows Defender Security Center. Click the Virus & threat protection link on the sidebar. Click the Virus & threat protection settings link.

Settings\Scheduled scan Run a scheduled scan on my computer Daily/Full scan Check for the latest virus &spyware definitions before running a scheduled scan Selected Start the scheduled scan only when my computer is on but not in use Selected Settings\Default actions All alert levels set to “Recommended action” Selected Apply recommended actions Enabled Settings\Real-time protection Turn on real-time protection Enabled Monitor file and program activity on your computer Enabled Scan all downloaded files and attachments Enabled Settings/Excluded files & locations NONE Settings/Excluded file types NONE Settings/Excluded processes NONE Printed: April 6, 2016 CeRTNA | Proprietary & Confidential 5 5 55 ERDS WORKSTATION CONFIGURATION Settings/Advanced Scan archive files Enabled Scan removable drives Enabled Create a system restore point Enabled Allow all users to view the full History reports Enabled Settings/Microsoft SpyNet Advanced membership Enabled Validate Screen Saver Settings Screen Saver Wait time: 10 On resume, display logon screen Enabled Java Configuration Ensure version   is installed Control Panel/Java/Advanced/Java plug-in/ Enable the next-generation Java Plug-in Unchecked Control Panel/Java/Update/ Check for Updates Automatically Unchecked MBSA Exceptions There should be an IE zones exception on the report. This is acceptable as this is based on the configuration required.

erds/preparing_for_system_audit.1528847205.txt.gz · Last modified: by administrator