23 Jan The purpose of this assignment is to implement vulnerability and risk assessment techniques to justify implementation and en
The purpose of this assignment is to implement vulnerability and risk assessment techniques to justify implementation and enforcement of security policies.
Part 1:
For this assignment you will need to install the Belarc Advisor by going to the Belarc website and following the instructions provided in the "Belarc Installation, Saving, and Uploading Instructions" resource. Instructions for saving and uploading the assignment files are also included in this document. In step 10 you will complete a local system scan of your computer.
Note: If your computer utilizes an operating system other than Windows 7, Vista, or XP Pro, you will need to use the "Summary" file to complete the topic assignment rather than the local system scan outlined in step 10 of the "Belarc Installation, Saving, and Uploading Instructions."
Use the results of the local system scan to compose a 300-word paper that discusses each section's role in securing or protecting the scanned system. Expand each section to identify how the system passed or failed the various policies. For each section, address the following:
- Identify the section and explain why the system passed or failed.
- Explain the risks identified from the results.
- Discuss how a threat could exploit the risks and impact the system.
- Explain how the failed policies can be solved.
Part 2:
Using the "Risk Assessment Template," list 20 risks in the "Risk" column. The risks should be failed items from the Belarc Advisor results. Complete the remaining spreadsheet columns for each identified risk. The spreadsheet must include the following:
- Risk Title: Obtained from the Belarc Advisor report.
- Description: Summarize the information obtained from the Belarc Advisor report hyperlink (pop-up window).
- Vulnerability: Explain the vulnerability associated with this risk.
- Threat: Identify potential threats that can exploit this vulnerability.
- Current Safeguards: Identify if any policies or best practices are in place to reduce the likelihood the threat will be successful.
- Impact: Describe the impact if threat is successful.
- Severity: Measure the overall severity of the exploitation or impact.
- Likelihood: Measure the likelihood a threat will be successful.
- Risk Value: Measure the overall value of the risk (low = no real value is exploited; medium = dangerous if exploited; high = extremely grave if exploited).
Submit the 300-word paper, Belarc Advisor results (.xps or .pdf), and completed "Risk Assessment Template."
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are not required to submit this assignment to LopesWrite.
Benchmark Information
This benchmark assignment assesses the following programmatic competencies:
MS Information Technology Management
1.5: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.
MS Information Assurance and Cybersecurity
3.2: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.
Belarc Installation, Saving, and Uploading Instructions
1. Navigate to the Belarc website using the link below.
http://www.belarc.com/free_download.html
2. Select Download (Figure 1) to install the “Belarc Advisor” free personal use license.
Figure 1
3. Click Save File. Note the location where the file is being saved (Figure 2)
Figure 2
4. Launch the file and Run the installation process (Figure 3).
Figure 3
5. Click “Continue Installing Belarc Advisor” (Figure 4).
Figure 4
6. Click “I Agree” and “Install” (Figures 5 and 6).
Figure 5
Figure 6
7. When the application prompts to check for new Advisor security definitions, simply click “No” and leave the check box cleared (Figure 7).
8.
Figure 7
9. Allow the installation to move through several screen prompts.
a. Creating a profile of the computer (Figure 8).
b. Checking for missing security updates (Figure 9).
c. Checking the local network of this computer (Figure 10).
Figure 8
Figure 9
Figure 10
10. A browser will open, displaying your local system scan results. Use this output for your Topic 2 assignment (Figure 11).
Figure 11
Instructions to Save and Upload Files to LoudCloud
The Topic 2 assignment requires students to convert the file to either .xps or .pdf format and upload it to LoudCloud.
The following instructions have been tested using the browsers below.
Internet Explorer 11
1. Select the upper left-hand menu… File > Print.
2. Select either ‘Microsoft XPS Document Writer or PDFCreator” (or similar PDF software option) and click “Print” (Figure 12).
Figure 12
3. Save the file to an appropriate location using the following syntax lastnamefirstinitial_belarc (Figure 13).
Figure 13
4. In LoudCloud, submit both MS Word .docx file and Belarc results (.xps or .pdf) for grading.
Firefox 51.0 (32-bit)
1. In the upper right-hand, select the open-menu option, then “Print” (Figure 14).
Figure 14
2. From the print preview screen (Figure 15), click “Print” in the upper right-hand corner.
Figure 15
3. Choose the appropriate print option: Select either “Microsoft XPS Document Writer” or “PDFCreator” (or similar PDF software option) and click “Print” (Figure 16).
Figure 16
4. Save the file to an appropriate location using the following syntax lastnamefirstinitial_belarc (Figure 13 above).
5. In LoudCloud, submit both MS Word .docx file and Belarc results (.xps or .pdf) for grading.
© 2017. Grand Canyon University. All Rights Reserved.
,
The license associated with the Belarc Advisor product allows for free personal use only. Use on computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server. Click here for more info. About Belarc Commercial and Government Products Back to Profile Summary Click any benchmark setting at right for documentation. Why are security benchmarks important for IT security? Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats ("Security Benchmarks: A Gold Standard." IA Newsletter, vol. 5 no. 3 Click here to view) To request a copy of our white paper, "Securing the Enterprise", click here. What is the USGCB Benchmark? The United States Government Configuration Baseline (USGCB) is a US Government OMB-mandated security configuration for Windows 7 and Internet Explorer 8. Developed by DoD, with NIST assistance, the benchmark is the product of DoD consensus. Click here for details. What are FDCC Benchmarks? The Federal Desktop Core Configuration (FDCC) is a US Government OMB-mandated security configuration for Windows Vista and XP. The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0. Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST. The Windows XP FDCC is based on US Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0. Click here for details. What is the Security Benchmark Score? The Belarc Advisor has audited the security of your computer using a benchmark appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system. How can you reduce your security vulnerability? The local group policy editor (accessed by running the gpedit.msc command) can be used to configure security settings for your computer. Windows home editions don't include that editor, but most security settings can also be made with registry entries instead. Warning: Applying these security settings may cause some applications to stop working correctly. Back up your system prior to applying these security templates or apply the templates on a test system first. For domain member computers, the benchmark configurations are available from the benchmark creator's web site as Microsoft Group Policy Object files that can be used with Active Directory. Follow the links above to the web site of your Benchmark's creator. Security Benchmark Score Details Computer Name: MIS657-LAB343 (in GCU) Profile Date: Thursday, January 26, 2017 3:52:17 PM Advisor Version: 8.5c Windows Logon: Guest.User234 Active Directory OU: GCUProd/Workstations DNS Suffix: gcu.edu Try BelManage, the Enterprise version of the Belarc Advisor Score: 0.00 of 10 (what's this?) = Pass = Fail Benchmark: USGCB – Windows 7, Version 1.0.1.0 Expand all sections Account Lockout Policy Settings Section Score: 0.00 of 0.63 1. Account Lockout Duration (CCE-9308) 2. Account Lockout Threshold (CCE-9136) 3. Reset Account Lockout Counter After (CCE-9400) Password Policy Settings Section Score: 0.00 of 0.63 1. Enforce Password History (CCE-8912) 2. Maximum Password Age (CCE-9193) 3. Minimum Password Age (CCE-9330) 4. Minimum Password Length (CCE-9357) 5. Password Complexity (CCE-9370) 6. Reversible Password Encryption (CCE-9260) User Rights Assignments Section Score: 0.00 of 0.63 1. Access This Computer From The Network (CCE-9253) 2. Act As Part Of The Operating System (CCE-9407) 3. Adjust Memory Quotas For A Process (CCE-9068) 4. Log On Locally (CCE-9345) 5. Log On Through Terminal Services (CCE-9107) 6. Back Up Files and Directories (CCE-9389) 7. Bypass Traverse Checking (CCE-8414) 8. Change the System Time (CCE-8612) 9. Change the time zone (CCE-8423) 10. Create A Pagefile (CCE-9185) 11. Create A Token Object (CCE-9215) 12. Create Global Objects (CCE-8431) 13. Create Permanent Shared Objects (CCE-9254) 14. Create symbolic links (CCE-8460) 15. Debug Programs (CCE-8583) 16. Deny Access To This Computer From The Network (CCE-9244) 17. Deny Logon As A Batch Job (CCE-9212) 18. Deny Logon As A Service (CCE-9098) 19. Deny Logon Locally (CCE-9239) 20. Deny Logon Through Remote Desktop Services (CCE-9274) 21. Force Shutdown From A Remote System (CCE-9336) 22. Generate Security Audits (CCE-9226) 23. Impersonate a Client After Authentication (CCE-8467) 24. Increase a Process Working Set (CCE-9048) 25. Increase Scheduling Priority (CCE-8999) 26. Load And Unload Device Drivers (CCE-9135) 27. Lock Pages In Memory (CCE-9289) 28. Log On As A Batch Job (CCE-9320) 29. Log On As A Service (CCE-9461) 30. Manage Auditing And Security Log (CCE-9223) 31. Modify an object label (CCE-9149) 32. Modify Firmware Environment Values (CCE-9417) 33. Perform Volume Maintenance Tasks (CCE-8475) 34. Profile Single Process (CCE-9388) 35. Profile System Performance (CCE-9419) 36. Remove Computer From Docking Station (CCE-9326) 37. Replace A Process Level Token (CCE-8732) 38. Restore Files And Directories (CCE-9124) 39. Shut Down The System (CCE-9014) 40. Take Ownership Of Files Or Other Objects" (CCE-9309) Security Options Settings Section Score: 0.00 of 0.63 1. Accounts: Administrator account status (CCE-9199) 2. Accounts: Guest account status (CCE-8714) 3. Accounts: Limit local account use to blank passwords to console logon only (CCE-9418) 4. Accounts: Rename administrator account (CCE-8484) 5. Accounts: Rename guest account (CCE-9229) 6. Audit: Audit the access of global system objects (CCE-9150) 7. Audit: Audit the use of Backup and Restore privilege (CCE-8789) 8. Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (CCE-9432) 9. Devices: Prevent users from installing printer drivers (CCE-9026) 10. Devices: Restrict CD-ROM access to locally logged-on user only" (CCE-9304) 11. Devices: Restrict floppy access to locally logged-on user only (CCE-9440) 12. Domain member: Digitally encrypt or sign secure channel data (always) (CCE-8974) 13. Domain member: Digitally encrypt secure channel data (when possible) (CCE-9251) 14. Domain member: Digitally sign secure channel data (when possible) (CCE-9375) 15. Domain member: Disable machine account password changes (CCE-9295) 16. Domain member: Maximum machine account password age (CCE-9123) 17. Domain member: Require strong (Windows 2000 or later) session key (CCE-9387) 18. Interactive logon: Do not display last user name (CCE-9449) 19. Interactive logon: Do not require CTRL ALT DEL (CCE-9317) 20. Interactive logon: Message text for users attempting to log on (CCE-8973) 21. Interactive logon: Message title for users attempting to log on (CCE-8740) 22. Interactive logon: Number of previous logons to cache (in case domain controller is not available) (CCE-8487) 23. Interactive logon: Prompt user to change password before expiration (CCE-9307) 24. Interactive logon: Require Domain Controller authentication to unlock workstation (CCE-8818) 25. Interactive logon: Smart card removal behavior (CCE-9067) 26. Microsoft network client: Digitally sign communications (always) (CCE-9327) 27. Microsoft network client: Digitally sign communications (if server agrees) (CCE-9344) 28. Microsoft network client: Send unencrypted password to third-party SMB servers (CCE-9265) 29. Microsoft network server: Amount of idle time required before suspending session (CCE-9406) 30. Microsoft network server: Digitally sign communications (always) (CCE-9040) 31. Microsoft network server: Digitally sign communications (if client agrees) (CCE-8825) 32. Microsoft network server: Disconnect clients when logon hours expire (CCE-9358) 33. Microsoft network server: SPN Target name validation (CCE-8503) 34. Network access: Allow anonymous SID-Name translation (CCE-9531) 35. Network access: Do not allow anonymous enumeration of SAM accounts (CCE-9249) 36. Network access: Do not allow anonymous enumeration of SAM accounts and shares (CCE-9156) 37. Network access: Do not allow storage of passwords and credentials for network authentication (CCE-8654) 38. Network access: Let Everyone permissions apply to anonymous users (CCE-8936) 39. Network access: Named Pipes that can be accessed anonymously – netlogon, lsarpc, samr, browser (CCE-9218) 40. Network access: Remotely accessible registry paths (CCE-9121) 41. Network access: Remotely accessible registry paths and sub paths (CCE-9386) 42. Network access: Restrict anonymous access to Named Pipes and Shares (CCE-9540) 43. Network access: Shares that can be accessed anonymously (CCE-9196) 44. Network access: Sharing and security model for local accounts (CCE-9503) 45. Network security: Allow Local System to use computer identity for NTLM (CCE-9096) 46. Network security: Allow LocalSystem NULL session fallback (CCE-8804) 47. Network Security: Allow PKU2U authentication requests to this computer to use online identities (CCE-9770) 48. Network Security: Configure encryption types allowed for Kerberos (CCE-9532) 49. Network security: Do not store LAN Manager hash value on next password changes (CCE-8937) 50. Network security: Force logoff when logon hours expire (CCE-9704) 51. Network security: LAN Manager Authentication Level (CCE-8806) 52. Network security: LDAP client signing requirements (CCE-9768) 53. Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (CCE-9534) 54. Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (CCE-9736) 55. Recovery Console: Allow Automatic Administrative Logon (CCE-8807) 56. Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders (CCE-8945) 57. Shutdown: Allow System to be Shut Down Without Having to Log On (CCE-9707) 58. Shutdown: Clear Virtual Memory Pagefile (CCE-9222) 59. System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (CCE-9266) 60. System objects: Require case insensitivity for non-Windows subsystems (CCE-9319) 61. System objects: Strengthen default permissions of internal system objects (CCE-9191) 62. User Account Control: Admin Approval Mode for the Built-in Administrator account (CCE-8811) 63. User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop (CCE-9301) 64. User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (CCE-8958) 65. User Account Control: Behavior of the elevation prompt for standard users (CCE-8813) 66. User Account Control: Detect application installations and prompt for elevation (CCE-9616) 67. User Account Control: Only elevate executables that are signed and validated (CCE-9021) 68. User Account Control: Only elevate UIAccess applications that are installed in secure locations (CCE-9801) 69. User Account Control: Run all administrators in Admin Approval Mode (CCE-9189) 70. User Account Control: Switch to the secure desktop when prompting for elevation (CCE-9395) 71. User Account Control: Virtualize file and registry write failures to per-user locations (CCE-8817) 72. MSS: (AutoAdminLogon) Enable Automatic Logon (Not Recommended) (CCE-9342) 73. MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (CCE-9496) 74. MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (CCE-8655) 75. MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (CCE-8513) 76. MSS: (Hidden) Hide computer from the browse list (Not Recommended except for highly secure environments) (CCE-8560) 77. MSS: (KeepAliveTime)How often keep-alive packets are sent in milliseconds (CCE-9426) 78. MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) (CCE-9439) 79. MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (CCE-8562) 80. MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS) (CCE-9458) 81. MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (CCE-9348) 82. MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (CCE-8591) 83. MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9456) 84. MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9487) 85. MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (CCE-9501) System Services Settings Section Score: 0.00 of 0.63 1. Bluetooth Support Service (CCE-10661) 2. Fax Service (CCE-10150) 3. HomeGroup Listener (CCE-10543) 4. Homegroup Provider (CCE-9910) 5. Media Center Extender (CCE-10699) 6. Parental Controls Service (CCE-10311) Audit Policy Settings Section Score: 0.00 of 0.63 1. Application Group Management (CCE-8822) 2. Computer Account Management (CCE-9498) 3. Distribution Group Management (CCE-9644) 4. Other Account Management Events (CCE-9657) 5. Security Group Management (CCE-9692) 6. User Account Management (CCE-9542) 7. DPAPI Activity (CCE-9735) 8. Process Creation (CCE-9562) 9. Process Termination (CCE-9227) 10. RPC Events (CCE-9492) 11. Detailed Directory Service Replication (CCE-9628) 12. Directory Service Access (CCE-9765) 13. Directory Service Changes (CCE-9734) 14. Directory Service Replication (CCE-9637) 15. Account Lockout (CCE-8853) 16. IPsec Extended Mode (CCE-9661) 17. IPsec Main Mode (CCE-10939) 18. IPsec Quick Mode (CCE-9632) 19. Logoff (CCE-8856) 20. Logon (CCE-9683) 21. Other Logon/Logoff Events (CCE-9622) 22. Special Logon (CCE-9763) 23. Application Generated (CCE-9816) 24. Certification Services (CCE-9460) 25. File Share (CCE-9376) 26. File System (CCE-9217) 27. Filtering Platform Connection (CCE-9728) 28. Filtering Platform Packet Drop (CCE-9133) 29. Handle Manipulation (CCE-9789) 30. Kernel Object (CCE-9803) 31. Other Object Access Events (CCE-9455) 32. Registry (CCE-9737) 33. SAM (CCE-9856) 34. Audit Policy Change (CCE-10021) 35. Authentication Policy Change (CCE-9976) 36. Authorization Policy Change (CCE-9633) 37. Filtering Platform Policy Change (CCE-9902) 38. MPSSVC Rule-Level Policy Change (CCE-9153) 39. Other Policy Change Events (CCE-9596) 40. Non Sensitive Privilege Use (CCE-9190) 41. Other Privilege Use Events (CCE-9988) 42. Sensitive Privilege Use (CCE-9878) 43. IPsec Driver (CCE-9925) 44. Other System Events (CCE-9586) 45. Security State Change (CCE-9850) 46. Security System Extension (CCE-9863) 47. System Integrity (CCE-9520) Computer Configuration – Administrative Templates – Network Connections Section Score: 0.00 of 0.63 1. Turn on Mapper I/O (LLTDIO) driver (CCE-9783) 2. Turn on Responder (RSPNDR) driver (CCE-10059) 3. Turn Off Microsoft Peer-to-Peer Networking Services (CCE-10438) 4. Prohibit installation and configuration of Network Bridge on your DNS domain network (CCE-9953) 5. Require Domain users to elevate when setting a networks location (CCE-10359) 6. Route all traffic through the internal network (CCE-10509) 7. _6to4 State (CCE-10266) 8. ISATAP State (CCE-10130) 9. Teredo State (CCE-10011) 10. IP HTTPS (CCE-10764) 11. Configuration of Wireless Settings Using Windows Connect Now (CCE-9879) 12. Prohibit Access of the Windows Connect Now Wizards (CCE-10778) 13. Extend point and print connection to search Windows update and use alternate connection if needed (CCE-10782) Computer Configuration – Administrative Templates – System Settings Section Score: 0.00 of 0.63 1. Allow remote access to the PnP interface (CCE-10769) 2. Do not send a Windows Error Report when a generic driver is installed on a device (CCE-9901) 3. Prevent creation of a system restore point during device activity that would normally promp creation of a restore point. (CCE-10553) 4. Prevent device metadata retrieval from the internet (CCE-10165) 5. Specify search order for device driver source locations (CCE-9919) 6. Registry Policy (CCE-9361) 7. Turn off downloading of print drivers over HTTP (CCE-9195) 8. Turn off event views (Events.asp) links (CCE-9819) 9. Turn off handwriting personalization data sharing (CCE-10645) 10. Turn off handwriting recognition error reporting (CCE-10645) 11. Turn off Internet connection wizard if URL connection is referring to Microsoft.com (CCE-10649) 12. Turn off Internet download for Web publishing and online ordering wizards (CCE-9674) 13. Turn off Internet file association service (CCE-10795) 14. Turn off printing over HTTP (CCE-10061) 15. Turn off registration if URL connection is referring to Microsoft.com (CCE-10160) 16. Turn off Search Companion content file updates (CCE-10140) 17. Turn off the Order Prints picture task (CCE-9823) 18. Turn off the Publish to Web task for files and folders (CCE-9643) 19. Turn off the Windows Messenger Customer Experience Improvement Program (CCE-9559) 20. Turn Off Windows Error Reporting (CCE-10441) 21. Always Use Classic Logon (CCE-10591) 22. Do not process the run once list (CCE-10154) 23. Require a Password when a Computer Wakes (On Battery) (CCE-9829) 24. Require a Password when a Computer Wakes (Plugged) (CCE-9670) 25. Offer Remote Assistance (CCE-9960) 26. Solicited Remote Assistance (CCE-9506) 27. Turn on session logging (CCE-10344) 27. Restrictions for Unauthenticated RPC clients (CCE-9396) 29. RPC Endpoint Mapper Client Authentication (CCE-10181) Computer Configuration – Administrative Templates – System – Troubleshooting and Diagnostics Section Score: 0.00 of 0.63 1. Microsoft support diagnostic tool: turn on msdt interactive communication with support provider (CCE-9842) 2. Troubleshooting: allow user to access online troubleshooting content on Microsoft server from the troubleshooting control panel (CCE-10606) 3. Enable or disable perftrack (CCE-10219) Computer Configuration – Administrative Templates – Windows Components Section Score: 0.00 of 0.63 1. Confidure Windows NTP client (CCE-10500) 2. Turn off program inventory (CCE-10787) 3. Default behavior for autorun (CCE-10527) 4. Turn off Autoplay (CCE-9528) 5. Turn off autoplay for non volume devices (CCE-10655) 6. Enumerate administrator accounts on elevation (CCE-9938) 7. Do not allow digital locker to run (CCE-10759) 8. Override the More Gadgets Lnk (CCE-9857) 9. Disable unpacking and installation of gadgets that are not digitally signed (CCE-10811) 10. Turn Off User Installed Windows Sidebar Gidgets (CCE-10586) 11. Maximum Application Log Size (CCE-9603) 12. Maximum Security Log Size (CCE-9967) 13. Maximum Setup Log Size (CCE-10714) 14. Maximum Setup Log Size (CCE-10156) 15. Turn Off Downloading of Game Information (CCE-10828) 16. Turn off game updates (CCE-10850) 17. Prevent the computer from joining a Homegroup (CCE-10183) 18. Disable remote desktop sharing (CCE-10763) 19. Do not allow passwords to be saved (CCE-10090) 20. Allow users to connect remotely using Remote Desktop Services (CCE-9985) 21. Always prompt client for password upon connection (CCE-10103) 22. Set client connection encryption level (CCE-9764) 23. Set a time limit for active but idle Terminal Services sessions (CCE-10608) 24. Set a time limit for disconnected sessions (CCE-9858) 25. Do not delete temp folders upon exit (CCE-10856) 26. Do not use temporary folders per session (CCE-9864) 27. Turn off downloading of enclosures (CCE-10730) 28. Allow indexing of encrypted files (CCE-10496) 29. Enable indexing uncached Exchange folders (CCE-9866) 30. Prevent Windows anytime upgrade from running (CCE-10137) 31. Configure Microsoft SpyNet Reporting (CCE-9868) 32. Disable Logging (CCE-10157) 33. Disable Windows Error Reporting (CCE-9914) 34. Display Error Notification (CCE-10709) 35. Do Not Send Additional Data (CCE-10824) 36. Turn off data execution prevention for explorer (CCE-9918) 37. Turn off Heap termination on corruption (CCE-9874) 38. Turn off shell protocol protected mode (CCE-10623) 39. Disable IE security prompt for Windows Installer scripts (CCE-9875) 40. Enable user control over installs (CCE-9876) 41. Prohibit non-administrators from applying vendor signed updates (CCE-9888) 42. Report Logon Server Not Available During User logon (CCE-9907) 43. Turn off the communities features (CCE-11252) 44. windows_mail_application_manual_launch_permitted_var (CCE-10882) 45. Prevent Windows Media DRM Internet Access (CCE-9908) 46. Do Not Show First Use Dialog Boxes (CCE-10692) 47. Prevent Automatic Updates (CCE-10602) 48. Configure automatic updates (CCE-9403) 49. Reschedule automatic updates scheduled installation (CCE-10205) 50. No auto restart with logged on users for scheduled automatic updates installations (CCE-9672) 51. Do not display 'Install updates and shut down option' in shut down windows dialog box (CCE-9464) 52. Games are not installed 53. Internet Information Services 54. Simple TCPIP Services 55. Telnet Client 56. Telnet Server 57. TFTP Client 58. Windows Media Center Security Patches Section Score: 0.00 of 0.63 1. Security Patches Up-To-Date Windows Firewall Inbound Rules Section Score: 0.00 of 0.63 1. Core Networking – Dynamic Host Configuration Protocol (DHCP-In) (CCE-14986) 2. Core Networking – Dynamic Host Configuration Protocol (DHCPV6-In) (CCE-14854) Windows Firewall with Advanced Security – Domain Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-10502) 2. Logged Successful Connections (CCE-10268) 3. Name (CCE-10022) 4. Size Limit (CCE-9747) 5. Display a Notification (CCE-9774) 6. Apply Local Connection Security Rules (CCE-9329) 7. Apply Local Firewall Rules (CCE-9686) 8. Allow Unicast Response (CCE-9069) 9. Firewall state (CCE-9465) 10. Inbound Connections (CCE-9620) 11. Outbound Connections (CCE-9509) Windows Firewall with Advanced Security – Private Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-10215) 2. Logged Successful Connections (CCE-10611) 3. Name (CCE-10386) 4. Size Limit (CCE-10250) 5. Display a Notification (CCE-8884) 6. Apply Local Connection Security Rules (CCE-9712) 7. Apply Local Firewall Rules (CCE-9663) 8. Allow Unicast Response (CCE-9522) 9. Firewall state (CCE-9739) 10. Inbound Connections (CCE-9694) 11. Outbound Connections (CCE-8870) Windows Firewall with Advanced Security – Public Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-9749) 2. Logged Successful Connections (CCE-9753) 3. Name (CCE-9926) 4. Size Limit (CCE-10373) 5. Display a Notification (CCE-9742) 6. Apply Local Connection Security Rules (CCE-9817) 7. Apply Local Firewall Rules (CCE-9786) 8. Allow Unicast Response (CCE-9773) 9. Firewall state (CCE-9593) 10. Inbound Connections (CCE-9007) 11. Outbound Connections (CCE-9588) Internet Explorer 8 – Local Computer Policy Section Score: 0.00 of 0.63 1. Disable Configuring History – Local Computer (CCE-10387) 2. Disable Changing Automatic Configuration Settings – Local Computer (CCE-10638) 3. Do Not Allow Users to enable or Disable Add-Ons – Local Computer (CCE-10235) 4. Make proxy settings per-machine (rather than per-user) – Local Computer (CCE-9870) 5. Prevent participation in the Customer Experience Improvement Programs – Local Computer (CCE-10522) 6. Prevent performance of First Run Customize settings – Local Computer (CCE-10641) 7. Security Zones: Do Not Allow Users to Add/Delete Sites – Local Computer (CCE-10394) 8. Security Zones: Do Not Allow Users to Change Policies – Local Computer (CCE-10037) 9. Security Zones: Use Only Machine Settings – Local Computer (CCE-10096) 10. Turn Off Crash Detection – Local Computer (CCE-10594) 11. Turn Off Managing SmartScreen Filter – Local Computer (CCE-9973) 12. Turn Off the Security Settings Check Feature – Local Computer (CCE-10607) 13. Include updated Web site lists from Microsoft – Local Computer (CCE-10603) 14. Configure Delete Browsing History on exit – Local Computer (CCE-10590) 15. Prevent Deleting Web sites tha
