
Naval Surface Warfare Center's Risk Assessment Form




NAVAL SURFACE WARFARE CENTER,
DAHLGREN DIVISION
AIS SECURITY OFFICE, CODE C2
COMPUTER RISK ASSESSMENT
OCTOBER 16 96 PART II (V2.3.2)

Risk Assessment/Countermeasure Analysis/Security Test and
Evaluation (ST&E) for Microsoft Windows NT 3.51
Computer Systems. (May be used as a general guide for 4.0)

This AIS is:
( ) LOCATED AT NSWC DAHLGREN/WHITE OAK OR
( ) Complete site description is attached

a. Threat/Vulnerability: Unauthorized System Access
Operating Countermeasures:

TRUE FALSE

Accounts.

__ __ Guest account is disabled.
(Check Administrative Tools, User Manager, highlight
guest and hit enter)

If Guest access is allowed:
__ __ Audit trails for all accesses are enabled.
Name of software product that does audits:

If system is intended to serve multiple users:

__ __ System is configured as NTFS file system?
(Administrative Tools, Disk Administrator)
If the system is NTFS you can configure permissions
via the file manager, permissions.
Entire Disk(s):
    SYSTEM             full control
    Administrators     full control
    Users              read add write execute
    Everyone           read only

%SYSTEMROOT%\SYSTEM32\CONFIG directory:
    SYSTEM             full control
    Administrators     full control
    CREATOR OWNER      full control
    Everyone or Users  add permission only

TEMP directory (e.g. C:\TEMP):
    SYSTEM             full control
    Administrators     full control
    CREATOR OWNER      full control
    Everyone or Users  add permission only

Passwords.

__ __ Passwords are at least seven characters in length.
(Check Administrative Tools, User Manager, highlight
user and hit enter, count asterisks )

__ __ Passwords are changed at least once a year.

__ __ Password is enabled for screen saver
(Control Panel, Desktop)

Access.

__ __ Direct modem dial-in access is not permitted.
IF FALSE: Provide phone number used to call in via modem, security
measures in place (i.e. callback, securID) and purpose for
connection:


Network, File Sharing, Program linking
TRUE FALSE
__ __ FTP Server is installed?
(Check Control Panel, Networks)
IF TRUE:
__ __ Anonymous Accounts are disabled. (If Anonymous
Accounts are enabled complete AR part 4 for this AIS)
__ __ User guest is disallowed.

__ __ All users have CID/Passwords.

__ __ SNMP is installed?
(Check Control Panel, Networks )
IF TRUE:
__ __ Community string "public" is not used
(Check Control Panel, Networks, Configure, Security )

__ __ System shares/exports file information via disk sharing?
(Check Control Panel, Server, Shares (Don't worry about
Admin$ C$ D$ IPC$))

IF TRUE:

__ __ All File Sharing/Program Link accesses are logged.
How:


===> WHO REVIEWS LOG FILES AND HOW OFTEN:

Risk Rating: ( ) High ( ) Moderate ( ) Low ( ) Not Applicable
Comments:

ST&E: ( ) Pass ( ) Fail
Comments:
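
An added example, not part of the Navy form: a Python script that scores the guest-account and password items of section a from the text output of `net accounts` and `net user guest`. The sample output is constructed, and its field labels are assumed to match the host being assessed (NT 3.51 wording may differ).

```python
import re

# Thresholds from the form: passwords of at least seven characters,
# changed at least once a year.
MIN_LENGTH = 7
MAX_AGE_DAYS = 365

# Constructed sample output, not captured from a real host.
SAMPLE_NET_ACCOUNTS = """\
Minimum password age (days):                          0
Maximum password age (days):                          Unlimited
Minimum password length:                              6
"""
SAMPLE_NET_USER_GUEST = """\
User name                    Guest
Account active               Yes
"""

def parse_fields(text):
    """Map each 'label: value' or 'label   value' line to {label: value}."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)(?::\s+|\s{2,})(\S.*)$", line.rstrip())
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def evaluate(net_accounts, net_user_guest):
    """Return {form item: True, False, or None when the field is missing}."""
    acct = parse_fields(net_accounts)
    guest = parse_fields(net_user_guest)
    active = guest.get("account active")
    length = acct.get("minimum password length")
    age = acct.get("maximum password age (days)")
    results = {
        "Guest account is disabled":
            None if active is None else active.lower() == "no",
        # The policy minimum is a proxy: it only binds passwords set after it.
        "Passwords are at least seven characters in length":
            int(length) >= MIN_LENGTH if length and length.isdigit() else None,
    }
    if age is None:
        aged = None
    elif age.isdigit():
        aged = 0 < int(age) <= MAX_AGE_DAYS
    else:
        aged = False if age.lower() == "unlimited" else None
    results["Passwords are changed at least once a year"] = aged
    return results

if __name__ == "__main__":
    for item, ok in evaluate(SAMPLE_NET_ACCOUNTS, SAMPLE_NET_USER_GUEST).items():
        print({True: "TRUE ", False: "FALSE", None: "?    "}[ok], item)
```

A `None` result means the expected field was absent from the captured output, so that item still has to be checked by hand.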


b. Threat/Vulnerability: Misuse of Computer Resources.
Operational Countermeasures:
( ) Virus detection software that can detect modifications to
files is run on regular basis.
Name of software package:

( ) Login banner is displayed per naval message CNO 311248Z
JAN 95.
NOTE: This can be accomplished using the regedit program.
(CD2S recommends users make a backup of their registry before
editing)
hive: HKEY_LOCAL_MACHINE
key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
name: LegalNoticeCaption
type: REG_SZ
value: Enter warning notice between the ""s
( ) Monitoring device(s) are not used.
( ) If used, monitoring device(s) is approved in writing by
the ISSM (Including operating AIS network interface in
promiscuous mode)

Risk Rating: ( ) High ( ) Moderate ( ) Low
Comments:

ST&E: ( ) Pass ( ) Fail
Comments:


Risk Assessment Completed By (Primary User):

Neatly Printed Name:____________________________

Common ID:

Phone Number:

Signature:_______________________________________



ST&E Completed By:

Neatly Printed Name:____________________________

Date:

Common ID:

Phone Number:

Signature:_______________________________________



ADDITIONAL COMMENTS AND EXPLANATIONS
Use as many additional pages as necessary

 