KHIKA Standard Hardening Policies
Revision as of 06:52, 14 June 2019 by Dhanashree kulkarni (talk | contribs)
KHIKA Server Hardening for Windows Servers
The Policies and rules available in the default Server Hardening template provided by KHIKA for Windows Servers (2007 onwards) is as mentioned below:
| Policy Name | Rule Name and Description | Desired Value |
|---|---|---|
| Account & Password Policy | Password Age Minimum - Number of days for which user must use password before it can be changed. | 1 Day |
| Password Age Maximum - Number of days after which password expires. | 45 Days | |
| Password Length Minimum - The least number of characters that can make up a password for a user account. | 8 Characters | |
| Password Complexity level - Denotes whether password complexity is enabled. | Enabled | |
| Password History count - The number of unique new passwords that have to be associated with a user account before an old password can be reused. | 5 passwords | |
| Password lock out count - Number of failed logon attempts after which a user account MUST be locked out. | 5 attempts | |
| Administrator Name - Denotes Administrator Account Name. | Administrator | |
| Password in clear text - Determines whether passwords are stored using reverse encryption . | Disabled | |
| Guest Account Enable/Disable - Denotes whether the Guest account is enabled or disabled. | Disabled | |
| Audit Policy | Audit System Events - Audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. | Audit Success & Failure |
| Audit Logon Events - Audit each instance of a user logging on to or logging off from a computer. | Audit Success & Failure | |
| Audit Object Access - Audit the event of a user accessing an object. | No Audit | |
| Audit Privilege Use - Audit each instance of a user exercising a user right. | Audit Success & Failure | |
| Audit Policy Change - Audit every incident of a change to user rights assignment policies, audit policies, or trust policies. | Audit Success & Failure | |
| Audit Account Manage - Audit each event of account management on a computer. | Audit Success & Failure | |
| Audit Process Tracking - Audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. | No Audit | |
| Audit Directory Services Access - Audit each instance of user attempts to access an Active Directory object. | No Audit | |
| Audit Account Logon - Audit each time this computer validates the credentials of an account. | Audit Success & Failure | |
| Event Log Policy | Maximum Application event log size. | 16384 KB |
| Maximum System event log size. | 16384 KB | |
| Maximum Security event log size. | 16384 KB | |
| Application event log overflow action. | overwriteolder, overwriteasneeded | |
| System event log overflow action. | overwriteolder, overwriteasneeded | |
| Security event log overflow action. | overwriteolder, overwriteasneeded | |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
