Network Detective. Prepared For: Your Customer / Prospect Prepared By: Your Company Name

Similar documents
HIPAA Assessment. Prepared For: ABC Medical Center Prepared By: Compliance Department

Security Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name

PTS Customer Protection Agreement

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

Ryan KS office thesee

Information Technology Procedure IT 3.4 IT Configuration Management

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Table of Contents. Page 1 of 6 (Last updated 27 April 2017)

Network Performance, Security and Reliability Assessment

Payment Card Industry (PCI) Data Security Standard

201 CMR COMPLIANCE CHECKLIST Yes No Reason If No Description

CS 356 Operating System Security. Fall 2013

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

The University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems

Security Aspects Control Rationale Best Practices Self-Assessment (Click all that applicable) 1. Security Policy and Security Management

Web Cash Fraud Prevention Best Practices

CIS Controls Measures and Metrics for Version 7

PCI Compliance Assessment Module with Inspector

TOP 10 IT SECURITY ACTIONS TO PROTECT INTERNET-CONNECTED NETWORKS AND INFORMATION

Easy-to-Use PCI Kit to Enable PCI Compliance Audits

FOLLOW-UP REVIEW OF RISK MANAGEMENT ETC RISK MANAGEMENT FRAMEWORK

Juniper Vendor Security Requirements

Security of Information Technology Resources IT-12

How do you track devices that have been approved for use? Are you automatically alerted if an unapproved device connects to the network?

Sophos Enterprise Console advanced startup guide

SECURITY POLICY FOR USER. 1.Purpose: The policy aims at providing secure and acceptable use of client systems.

CIS Controls Measures and Metrics for Version 7

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Information Security Policy

HIPAA Compliance Assessment Module

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

BUFFERZONE Advanced Endpoint Security

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

HISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security

SECURITY PRACTICES OVERVIEW

NEN The Education Network

Best Practices Guide to Electronic Banking

Locking down a Hitachi ID Suite server

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

Judiciary Judicial Information Systems

PCI Compliance Updates

Total Security Management PCI DSS Compliance Guide

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

3 rd Party Certification of Compliance with MA: 201 CMR 17.00

Securing Today s Mobile Workforce

Key Features. DATA SHEET

Server Hardening Title Author Contributors Date Reviewed By Document Version

Windows Server Security Best Practices

Network Infrastructure, Desktop, and Server Support Service Level Agreement

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

CompTIA Security+(2008 Edition) Exam

NMHC HIPAA Security Training Version

ISO27001 Preparing your business with Snare

Submitted on behalf of the DOE National SCADA Test Bed. Jeff Dagle, PE Pacific Northwest National Laboratory (509)

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Recommendations for Implementing an Information Security Framework for Life Science Organizations

CYBERSECURITY RISK LOWERING CHECKLIST

Google Cloud Platform: Customer Responsibility Matrix. April 2017

Endpoint Security Can Be Much More Effective and Less Costly. Here s How

BUFFERZONE Advanced Endpoint Security

PCI DSS 3.2 AWARENESS NOVEMBER 2017

Security Standards for Electric Market Participants

PART 5: INFORMATION TECHNOLOGY RECORDS

Information Technology General Control Review

emarketeer Information Security Policy

Employee Security Awareness Training Program

Controls Electronic messaging Information involved in electronic messaging shall be appropriately protected.

ForeScout Extended Module for Palo Alto Networks Next Generation Firewall

Content for Sophos- Theory and lab session

University of Sunderland Business Assurance PCI Security Policy

PCI DSS Compliance. White Paper Parallels Remote Application Server

Checklist: Credit Union Information Security and Privacy Policies

OUR CUSTOMER TERMS CLOUD SERVICES - INFRASTRUCTURE

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Internal Audit Report DATA CENTER LOGICAL SECURITY

Identity Theft Prevention Policy

University of Alabama at Birmingham MINIMUM SECURITY FOR COMPUTING DEVICES RULE July 2017

Antivirus: Proactively detects and disables more known and even unknown new malware threats than any other security product.

Sophos Enterprise Console

Texas A&M University: Learning Management System General & Application Controls Review

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

Best Practices (PDshop Security Tips)

TestBraindump. Latest test braindump, braindump actual test

Getting Started Guide. This document provides step-by-step instructions for installing Max Secure Anti-Virus and its prerequisite software.

Table of Contents. Policy Patch Management Version Control

Relius Administration Version 19.1 Upgrade Installation and Configuration. October 28, 2014

Client Computing Security Standard (CCSS)

7.16 INFORMATION TECHNOLOGY SECURITY

Computer Classroom Security Standard

Improving Software Quality with a Clean Build Process

University of Maine System Payment Card Industry Data Security Standard (PCI DSS) Guide for Completing Self Assessment Questionnaire (SAQ) SAQ C

VANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER

Frequently Asked Questions (FAQ)

WHITE PAPERS. INSURANCE INDUSTRY (White Paper)

User Guide. Version R95. English

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

IT Service Delivery And Support Week Four - OS. IT Auditing and Cyber Security Fall 2016 Instructor: Liang Yao

Transcription:

Network Detective Prepared For: Your Customer / Prospect Prepared By: Your Company Name

Agenda Environment Risk and Issue Score Issue Review Next Steps

Environment - Overview Domain Domain Controllers 1 Number of Organizational Units 17 Users # Enabled 74 Last Login within 30 days 33 Last Login older than 30 days 41 # Disabled 59 Last Login within 30 days 0 Last Login older than 30 days 59 Security Group Groups with Users 39 # Total Groups 74 Computers in Domain Total Computers 144 Last Login within 30 days 55 Last Login older than 30 days 89

Environment - Patching

Risk and Issue Score Risk Score Issue Score

Unsupported operating systems (97 pts) Issue: 2 computers found using an operating system that is no longer supported. Unsupported operating systems no longer receive vital security patches and present an inherent risk. Recommendation: Upgrade or replace computers with operating systems that are no longer supported.

Anti-spyware not installed (94 pts) Issue: Anti-spyware software was not detected on some computers. Without adequate anti-virus and anti-spyware protection on all workstations and servers, the risk of acquiring malicious software is significant. Recommendation: Assure that anti-spyware is deployed to all possible endpoints in order to prevent both security and productivity issues.

Anti-virus not installed (94 pts) Issue: Anti-virus software was not detected on some computers. Without adequate anti-virus and anti-spyware protection on all workstations and servers, the risk of acquiring malicious software is significant. Recommendation: To prevent both security and productivity issues, we strongly recommend ensuring that anti-virus is deployed to all possible endpoints.

Lack of redundant domain controller (85 pts) Issue: Only one domain controller was found on the network. There is a heightened risk of business downtime, loss of data, or service outage due to a lack of redundancy. Recommendation: Evaluate the risk, cost, and benefits of implementing a redundant Domain Controller.

User password set to never expire (80 pts) Issue: User accounts with passwords set to never expire present a risk of use by unauthorized users. They are more easily compromised than passwords that are routinely changed. Recommendation: Investigate all accounts with passwords set to never expire and configure them to expire regularly.

Potential disk space issue (68 pts) Issue: 4 computers were found with significantly low free disk space. Recommendation: Free or add additional disk space for the specified drives.

Operating system in Extended Support (20 pts) Issue: 4 computers are using an operating system that is in Extended Supported. Extended Support is a warning period before an operating system is no longer supported by the manufacturer and will no longer receive support or patches. Recommendation: Upgrade computers that have operating systems in Extended Support before end of life.

Inactive computers (15 pts) Issue: 89 computers have not checked in during the past 30 days Recommendation: Investigate the list of inactive computers and determine if they should be removed from Active Directory, rejoined to the network, or powered on.

User has not logged on to domain 30 days (13 pts) Issue: 41 Users that have not logged in in 30 days could be from A user that has not logged in for an extended period of time could be a former employee or vendor. Recommendation: Disable or remove user accounts for users that have not logged on to active directory in 30 days.

Un-populated organization units (10 pts) Issue: Empty organizational units (OU) were found in Active Directory. They may not be needed and can lead to misconfiguration. Recommendation: Remove or populate empty organizational units.

Insecure listening ports (10 pts) Issue: 20 computers are to be using potentially insecure protocols. Recommendation: There may be a legitimate business need, but these risks should be assessed individually. Certain protocols are inherently insecure since they often lack encryption. Inside the network, their use should be minimized as much as possible to prevent the spread of malicious software. Of course, there can be reasons these services are needed and other means to protect systems which listen on those ports. We recommend reviewing the programs listening on the network to ensure their necessity and security.

Next Steps Agree on List of Issues to Resolve Present Project Estimates and Costs Establish Timelines Set Milestones Get Signoff to Begin Work

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback