Presentation is loading. Please wait.

Presentation is loading. Please wait.

EMEZEN WINDOWS OS SECURITY CONFIGURATIONS

Published byMika Niemi Modified over 6 years ago

Similar presentations

Presentation on theme: "EMEZEN WINDOWS OS SECURITY CONFIGURATIONS"— Presentation transcript:

1 EMEZEN WINDOWS OS SECURITY CONFIGURATIONS
A few thoughts (a) what's the overall assessment of this audit (Sat. Needs Improvement, UnSat.) and a brief supporting rationals (ref. to my yesterday's .) (b) no need for slide #3 - template (c) need a slide for scope of the audit (d) each finding should have a name e.g. inadequate access control (e) ideally, you should incorporate all those elements in a couple of paragraphs when writing up findings. But if you have trouble to organize the sentences, you can leave it for now. Team leader should open the discussion (watch that video again...), and take us through a few slide about your audit scope/coverage and overall conclusion (with brief supporting...e.g. "Control environment associated with Active Directory is "Required Improvement". The rating is driven by....." Then, I expect each team member to take us through at least ONE audit finding along the risk rating (H/M/L)(don't forget the 5 key elements we mentioned during the class) Iyana Lester, Yijiang Li, Yuan Liu,Ugo Nwadike, and Hanqing Zhou

2 AUDIT OBJECTIVE & SCOPE FINDINGS Q&A
AGENDA AUDIT OPINION AUDIT OBJECTIVE & SCOPE FINDINGS Q&A Yijiang

3 AUDIT OPINION Hanqing Overall rating: Unsatisfactory
Inappropriate control environment The risk management be audited falls outside acceptable parameters The number and severity of issues is higher than acceptable level Lack of adequate and effective IT asset management processes and controls to maintain CIA Overall risk level: High Area of Finding Risk Rating Access Control High Patch Management Moderate Network Architecture Firewall Configuration Unsecured Mobile Devices Hanqing

4 AUDIT OBJECTIVE & SCOPE
Objective: Assessing the security configuration for multiple versions of Windows Operating Systems to determine whether our current security mechanisms can play its role efficiently and effectively. Scope: Access Control (account log on, password settings, and account lockout) Patch Management (patches should be installed in a timely manner) Network Architecture (basic defend line of windows operating system) Firewall Configuration (filtering policy of applications for both blacklist and whitelist) Unsecured mobile devices (personal information and data could be leaked by inappropriate usage of these devices) Out-of-Scope: General settings of applications and software will not be performed in this audit, because they are not related to the security configuration of this audit directly. A separate audit will be conducted to address these things. Yijiang

5 Assessment will define our findings along with the risk rating

6 INADEQUATE ACCESS CONTROL
Finding: 25 users observed across the organizations business units, all users had unlimited attempts to log into their accounts. Standard: While the organizations IT policy permits 3 invalid logon attempts before users are locked of the system indefinitely and must an administrator to reset their password. Root Cause: Account lockout threshold is currently set to 0 invalid logon attempt to prevent hackers from locking users out of the system. Impact: Affect the organization globally as the the risk that unwarranted access to organizational computer resources (data, programs, equipment, and facilities) is not currently limited. Recommendation: Configure the value for Account lockout threshold to a value that provides users with the ability to mistype their password several times, but locks out the account if a brute force password attack occurs. Risk Rating: High Iyana Of 25 users observed across the organizations business units, all users had unlimited attempts to log into their accounts. This allows for the system to be improperly access from hacking using algorithms. While the organizations IT policy permits 3 invalid logon attempts before users are locked of the system indefinitely and must an administrator to reset their password. Under further review it was found that the Account lockout threshold is currently set to 0 invalid logon attempt to prevent hackers from locking users out of the system. This presents a high risk to the organization, as the risk that unwarranted access to organizational computer resources (data, programs, equipment, and facilities) is not currently limited. We suggest configuring the value for Account lockout threshold to a value that provides users with the ability to mistype their password several times, but locks out the account if a brute force password attack occurs therefore protecting these resources against unauthorized modification, loss, and disclosure

7 UNSATISFACTORY PATCH MANAGEMENT
Finding: The current operating system still uses prior patch version, which leaves the operating system in an incomplete protection. Standards: The organization need to install applicable vendors supplied security patches in a time manner. The operating system should be regularly maintained by security patches within thirty 30 days after released by the vendor. (NIST SP ) Root Cause: 1) Failure to check about the vendor’s updates; 2) Insufficient staff awareness Impact: The old version of the pactes cannot fix the newest vulnerabilities and bugs, it also affects the operating system’s usability and performance and the attackers can easily design codes to attack the operating system. Recommendation: 1) Applying patches in a timely manner; 2) Designing and implementing an automated patch management control processes; 3) Employees awareness training. Risk Rating: Moderate Hanqing

8 NETWORK ARCHITECTURE ISSUES
Finding: The current operating system and database application configuration do not meet the minimum industry recommended security configuration standard. Standard: Controls should provide reasonable assurance to ensure that assets are protected against unauthorized use, loss, waste, and misappropriation.The guidance recommends that all relevant patches be installed. Root Cause: Our internal scans discovered open ports with available services that could be vulnerable. Impact: Noncompliance with existing policies will expose our windows operating system to unauthorized access and malicious attacks. Recommendation: Periodic review of operating systems, establishment of automated process to detect & remove unnecessary account, and to Initiate computer security awareness training for users. Risk Rating: Moderate Ugo

9 FIREWALL MISCONFIGURATION
Finding: The operating system’s built-in firewall sometimes filters the secure applications but misses the suspicious one. Standard: The firewall filtering policy for both whitelist and blacklist should exactly based on the importance of the company’s common software and applications. Root Cause: The Windows’ built-in firewall is not able to satisfy our company’s changing business environment and needs. Impact: Blocking the secure application or process could affect the operating efficiency of our enterprise; however, ignoring the suspicious application could cause potential security hazard. Recommendation: (1) Revising the current firewall policies of the operating system based on the importance of our most-used software. (2) Purchasing the generic edition of firewall software from third-party vendors. (3) Customizing a unique version of firewall application from third-party vendors. Risk Rating: Moderate Yijiang

10 UNSECURED MOBILE DEVICES
Finding: Sometimes employees use unmanaged mobile devices, such as mobile phones, laptops and tablets, which come with their personal information and organization’s sensitive data. Standard: The mobile device management policy is based on the NIST to support confidentiality, integrity, and availability of mobile devices and to against a variety of threat. Root Cause: Lack of physical security controls, use of untrusted mobile devices, use of untrusted networks, use of application created by unknown parties, interaction with other systems, use of untrusted content, and use of location services. Impact: Personal information lost, computer virus implantation, organization’s sensitive data stolen, and devices blocked and remoted. Recommendation: (1) Regulation shown range and limitation of organization’s mobile device use. (2) Application created for network, content, and system security check. (3) Awareness training. Risk Rating: Moderate Yuan Unmanaged mobile devices with personal and organization’s sensitive data

11 Q&A Hanqing (another vision)

12 REFERENCE i. ii. controls-at-premera-blue-cross.pdf iii. iv. Network Architecture, Security Issues, and Hardware Implementation...by :Sergio Saponara & Tony Bacchillone. Journal of Computer Networks and Communications; Atmel 2009: v. Information Systems Controls at the National Museum of American History, Behring Center. Number A-04-02; June 16, Audit Report.

Download ppt "EMEZEN WINDOWS OS SECURITY CONFIGURATIONS"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >

1 Pertemuan 9 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.
A First Course in Information Security

A First Course in Information Security
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Similar presentations

Ads by Google