Level II Assessment Forms
The following forms, as shown in Tables B.5, B.6, and B.7, can be used when assessing servers and during system demonstrations.
Password Action | Recommended Value | Actual Value |
---|---|---|
Enforce password history | 10 days | |
Maximum password age | 30 days | |
Minimum password age | 1 day | |
Minimum password length | 7 characters | |
Passwords must meet complexity | Enabled | |
Account lockout threshold | After 3 attempts |
Auditing | Recommended Value | Actual Value |
---|---|---|
Audit system events | Success and failure | |
Audit process tracking | None | |
Audit privilege use | Failure | |
Audit account logon events | Failure | |
Audit account management | Success and failure | |
Audit directory service access | None | |
Audit logon events | Failure | |
Audit object access | Success |
Get Inside Network Security Assessment: Guarding Your IT Infrastructure now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.