Naval Surface Warfare Center's Risk Assessment Form
NAVAL SURFACE WARFARE CENTER, DAHLGREN DIVISION
IS SECURITY OFFICE, CODE CD2S
MACINTOSH RISK ASSESSMENT
JUNE 13 97 PART II (V2.5)
Risk Assessment/Countermeasure Analysis/Security Test and
Evaluation (ST&E) for Apple Macintosh System 7
Computer Systems.
This AIS is:
( ) LOCATED AT NSWC DAHLGREN/WHITE OAK OR
( ) Complete site description is attached
a. Threat/Vulnerability: Unauthorized System Access
Operating Countermeasures:
TRUE FALSE
Network, File Sharing, Program linking
__ __ Is file sharing and/or program linking disabled?
(Check Control Panel, Sharing Setup)
IF FALSE:
__ __ All File Sharing/Program Link accesses are logged.
How:
__ __ Guest, anonymous accounts/access are not allowed
i.e. all accounts have CommonIDs and passwords.
(Check Control Panel, Users & Groups)
If FALSE:
__ __ Audit trails for all accesses are enabled.
Name of software product that does audits:
Passwords.
__ __ Passwords are at least seven characters in length.
__ __ Passwords are changed at least once a year.
Access.
__ __ Direct modem dial-in access is not permitted.
__ __ If dial-in access is permitted, callback devices are
used.
__ __ Does this system run an FTP server such as FTPd or
NetPresenz?
If so, which accounts are active (Owner, Users, Guests)
and what permissions are set for these accounts?
__ __ Does this system run an AppleShare that can be accessed
over TCP/IP (e.g. from the internet)?
===> WHO REVIEWS LOG FILES AND HOW OFTEN:
Risk Rating: ( ) High ( ) Moderate ( ) Low ( ) Not Applicable
Comments:
ST&E: ( ) Pass ( ) Fail
Comments:
b. Threat/Vulnerability: Misuse of Computer Resources.
Operational Countermeasures:
( ) Virus detection software that can detect modifications to
files is run on a regular basis.
Name of software package:
( ) AISSO periodically audits files and directories on
this AIS.
How often?
( ) Login banner is displayed per naval message CNO 311248Z
JAN 95.
( ) Monitoring device(s) are not used.
( ) If used, monitoring device(s) is approved in writing by
the ISSM (Including operating AIS network interface in
promiscuous mode)
Risk Rating: ( ) High ( ) Moderate ( ) Low
Comments:
ST&E: ( ) Pass ( ) Fail
Comments:
Risk Assessment Completed By (Primary User):
Neatly Printed Name:____________________________
Common ID:
Phone Number:
Signature:_______________________________________
ST&E Completed By:
Neatly Printed Name:____________________________
Date:
Common ID:
Phone Number:
Signature:_______________________________________
ADDITIONAL COMMENTS AND EXPLANATIONS
Use as many additional pages as necessary
To the best of our knowledge, the text on this page may be freely reproduced and distributed. If you have any questions about this, please check out our Copyright Policy.