KHIKA Standard Hardening Policies
Revision as of 06:59, 14 June 2019 by Dhanashree kulkarni (talk | contribs)
KHIKA Server Hardening for Windows Servers
The Policies and rules available in the default Server Hardening template provided by KHIKA for Windows Servers (2007 onwards) is as mentioned below:
Policy Name | Rule Name and Description | Desired Value |
---|---|---|
Account & Password Policy | Password Age Minimum - Number of days for which user must use password before it can be changed. | 1 Day |
Password Age Maximum - Number of days after which password expires. | 45 Days | |
Password Length Minimum - The least number of characters that can make up a password for a user account. | 8 Characters | |
Password Complexity level - Denotes whether password complexity is enabled. | Enabled | |
Password History count - The number of unique new passwords that have to be associated with a user account before an old password can be reused. | 5 passwords | |
Password lock out count - Number of failed logon attempts after which a user account MUST be locked out. | 5 attempts | |
Administrator Name - Denotes Administrator Account Name. | Administrator | |
Password in clear text - Determines whether passwords are stored using reverse encryption . | Disabled | |
Guest Account Enable/Disable - Denotes whether the Guest account is enabled or disabled. | Disabled | |
Audit Policy | Audit System Events - Audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. | Audit Success & Failure |
Audit Logon Events - Audit each instance of a user logging on to or logging off from a computer. | Audit Success & Failure | |
Audit Object Access - Audit the event of a user accessing an object. | No Audit | |
Audit Privilege Use - Audit each instance of a user exercising a user right. | Audit Success & Failure | |
Audit Policy Change - Audit every incident of a change to user rights assignment policies, audit policies, or trust policies. | Audit Success & Failure | |
Audit Account Manage - Audit each event of account management on a computer. | Audit Success & Failure | |
Audit Process Tracking - Audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. | No Audit | |
Audit Directory Services Access - Audit each instance of user attempts to access an Active Directory object. | No Audit | |
Audit Account Logon - Audit each time this computer validates the credentials of an account. | Audit Success & Failure | |
Event Log Policy | Maximum Application event log size. | 16384 KB |
Maximum System event log size. | 16384 KB | |
Maximum Security event log size. | 16384 KB | |
Application event log overflow action. | overwriteolder, overwriteasneeded | |
System event log overflow action. | overwriteolder, overwriteasneeded | |
Security event log overflow action. | overwriteolder, overwriteasneeded | |
Security Policy | Digitally sign secure channel data (when possible). | Enabled |
Digitally encrypt secure channel data (when possible). | Enabled | |
Everyone permissions to apply to anonymous users. | Disabled | |
Restrict anonymous access to Named Pipes and Shares. | Enabled | |
Names of any pipes than can be accessed anonymously. | Should be empty | |
Names of any shares than can be accessed anonymously. | Should be empty | |
Classic need to be the sharing and security model for local accounts. | Enabled | |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |
Example | Example | Example |