Difference between revisions of "KHIKA Standard Hardening Policies"
Jump to navigation
Jump to search
| Line 45: | Line 45: | ||
| || Audit Account Logon - Audit each time this computer validates the credentials of an account. || Audit Success & Failure | | || Audit Account Logon - Audit each time this computer validates the credentials of an account. || Audit Success & Failure | ||
|- | |- | ||
| − | | | + | | Event Log Policy || Maximum Application event log size. || 16384 KB |
|- | |- | ||
| − | | || | + | | || Maximum System event log size. || 16384 KB |
|- | |- | ||
| − | | Example || | + | | Example || Maximum Security event log size. || 16384 KB |
|- | |- | ||
| − | | Example || | + | | Example || Application event log overflow action. || overwriteolder, overwriteasneeded |
|- | |- | ||
| − | | Example || | + | | Example || System event log overflow action. || overwriteolder, overwriteasneeded |
|- | |- | ||
| − | | Example || | + | | Example || Security event log overflow action. || overwriteolder, overwriteasneeded |
|- | |- | ||
| Example || Example || Example | | Example || Example || Example | ||
Revision as of 06:51, 14 June 2019
KHIKA Server Hardening for Windows Servers
The Policies and rules available in the default Server Hardening template provided by KHIKA for Windows Servers (2007 onwards) is as mentioned below:
| Policy Name | Rule Name and Description | Desired Value |
|---|---|---|
| Account & Password Policy | Password Age Minimum - Number of days for which user must use password before it can be changed. | 1 Day |
| Password Age Maximum - Number of days after which password expires. | 45 Days | |
| Password Length Minimum - The least number of characters that can make up a password for a user account. | 8 Characters | |
| Password Complexity level - Denotes whether password complexity is enabled. | Enabled | |
| Password History count - The number of unique new passwords that have to be associated with a user account before an old password can be reused. | 5 passwords | |
| Password lock out count - Number of failed logon attempts after which a user account MUST be locked out. | 5 attempts | |
| Administrator Name - Denotes Administrator Account Name. | Administrator | |
| Password in clear text - Determines whether passwords are stored using reverse encryption . | Disabled | |
| Guest Account Enable/Disable - Denotes whether the Guest account is enabled or disabled. | Disabled | |
| Audit Policy | Audit System Events - Audit when a user restarts or shuts down the computer or when an event occurs that affects either the system security or the security log. | Audit Success & Failure |
| Audit Logon Events - Audit each instance of a user logging on to or logging off from a computer. | Audit Success & Failure | |
| Audit Object Access - Audit the event of a user accessing an object. | No Audit | |
| Audit Privilege Use - Audit each instance of a user exercising a user right. | Audit Success & Failure | |
| Audit Policy Change - Audit every incident of a change to user rights assignment policies, audit policies, or trust policies. | Audit Success & Failure | |
| Audit Account Manage - Audit each event of account management on a computer. | Audit Success & Failure | |
| Audit Process Tracking - Audit detailed tracking information for events such as program activation, process exit, handle duplication, and indirect object access. | No Audit | |
| Audit Directory Services Access - Audit each instance of user attempts to access an Active Directory object. | No Audit | |
| Audit Account Logon - Audit each time this computer validates the credentials of an account. | Audit Success & Failure | |
| Event Log Policy | Maximum Application event log size. | 16384 KB |
| Maximum System event log size. | 16384 KB | |
| Example | Maximum Security event log size. | 16384 KB |
| Example | Application event log overflow action. | overwriteolder, overwriteasneeded |
| Example | System event log overflow action. | overwriteolder, overwriteasneeded |
| Example | Security event log overflow action. | overwriteolder, overwriteasneeded |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
| Example | Example | Example |
