Summary of the first on-site assessment (Windows, database) for the protection project

To assess Windows, take screenshots as evidence of the following:
1) Run control userpasswords2 and check "Users must enter a user name and password to use this computer"
2) Control Panel - Administrative Tools - Local Security Policy - Account Policies - Password Policy
Minimum password length: 8 characters
Minimum password age: 2 days
Maximum password age: 42 days
Enforce password history: 5 passwords remembered
3) Control Panel - Administrative Tools - Local Security Policy - Account Policies - Account Lockout Policy
Account lockout duration: 30 minutes
Account lockout threshold: 5 invalid logon attempts
Reset account lockout counter after: 30 minutes
4) Control Panel - Administrative Tools - Local Security Policy - Local Policies - Audit Policy
Enable auditing of both success and failure for every audit policy; without auditing nothing is logged, so the later log checks will not work
5) Control Panel - Administrative Tools - Local Security Policy - Local Policies - Security Options
Interactive logon: Do not display last user name: Enabled
Interactive logon: Number of previous logons to cache (in case domain controller is not available): 0 logons
Shutdown: Clear virtual memory pagefile: Enabled
Network access: Do not allow storage of passwords and credentials for network authentication: Enabled
System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing: Enabled
6) Control Panel - Administrative Tools - Computer Management - System Tools - Local Users and Groups - Users
Screenshot of all users
7) Control Panel - Administrative Tools - Computer Management - System Tools - Local Users and Groups - Users - right-click a user - Properties
Check whether "Password never expires" is ticked; it should be unticked for every user.
8) Control Panel - Administrative Tools - Computer Management - System Tools - Local Users and Groups - Users - right-click a user - Properties - Member Of
View the groups each user belongs to
9) Control Panel - Administrative Tools - Computer Management - System Tools - Event Viewer - Windows Logs - Security
Select any one log entry, right-click Properties, drag the window to the side, and screenshot
10) Control Panel - Administrative Tools - Computer Management - System Tools - Event Viewer - Windows Logs - System
Select any one log entry, right-click Properties, drag the window to the side, and screenshot
11) Control Panel - Administrative Tools - Computer Management - Shared Folders - Shares
Disable the default shares
12) Run gpedit.msc to open the Local Group Policy Editor
Computer Configuration - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Security - Set client connection encryption level - set to High Level
13) Run netstat -an to view open ports
Commonly high-risk ports: 21, 135-139, 445
14) Screenshot of the firewall
15) Screenshot of installed software
16) Screenshot of installed updates
17) Installed antivirus software
Record the version of the protection software and the version of its virus signature database;
ideally open it to check that real-time protection is enabled and that the signature database has been updated recently
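The following PowerShell script is an added example, not part of the original post: it reads the settings from steps 2, 3, 5, 12 and 13 above from the machine and compares them with the values the checklist asks for, so the screenshots can be backed by a text record. The registry paths are the standard locations of those Security Options and of the RDP encryption-level policy; the RDP policy key is assumed to exist only when the setting was configured through Group Policy.

```powershell
# Added check script (not from the original post): compares the Windows
# settings from steps 2, 3, 5, 12 and 13 with the checklist's expected values.
# Run in an elevated PowerShell; secedit /export needs administrator rights.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg /quiet | Out-Null
$policy = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^(\w+)\s*=\s*(.+)$') { $policy[$Matches[1]] = $Matches[2].Trim() }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# [System Access] keys of the secedit export vs. the checklist (steps 2 and 3).
$expected = [ordered]@{
    MinimumPasswordLength = 8    # 8 characters
    MinimumPasswordAge    = 2    # 2 days
    MaximumPasswordAge    = 42   # 42 days (-1 in the export means "never expires")
    PasswordHistorySize   = 5    # 5 passwords remembered
    LockoutBadCount       = 5    # 5 invalid logon attempts (0 means no lockout)
    LockoutDuration       = 30   # 30 minutes
    ResetLockoutCount     = 30   # 30 minutes
}
foreach ($k in $expected.Keys) {
    $state = if ("$($policy[$k])" -eq "$($expected[$k])") { 'OK' } else { 'CHECK' }
    '{0,-24} actual={1,-4} expected={2,-4} {3}' -f $k, $policy[$k], $expected[$k], $state
}

# Security Options (step 5) and the RDP encryption level (step 12) in the registry.
$regChecks = @(
    @{ Name = 'Do not display last user name'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Value = 'DontDisplayLastUserName'; Want = 1 }
    @{ Name = 'Cached logons count';           Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Value = 'CachedLogonsCount'; Want = 0 }
    @{ Name = 'Clear pagefile at shutdown';    Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'; Value = 'ClearPageFileAtShutdown'; Want = 1 }
    @{ Name = 'No stored network credentials'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Value = 'DisableDomainCreds'; Want = 1 }
    @{ Name = 'FIPS compliant algorithms';     Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'; Value = 'Enabled'; Want = 1 }
    @{ Name = 'RDP encryption level (3=High)'; Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'; Value = 'MinEncryptionLevel'; Want = 3 }
)
foreach ($c in $regChecks) {
    $actual = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
    $state = if ("$actual" -eq "$($c.Want)") { 'OK' } else { 'CHECK' }   # empty actual = not configured
    '{0,-32} actual={1,-6} expected={2,-3} {3}' -f $c.Name, $actual, $c.Want, $state
}

# Listening ports (step 13): the checklist's high-risk list is 21, 135-139, 445.
$risky = 21, 135, 136, 137, 138, 139, 445
$tcp = Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty LocalPort
$udp = Get-NetUDPEndpoint | Select-Object -ExpandProperty LocalPort   # 137/138 are UDP
$open = (@($tcp) + @($udp)) | Where-Object { $risky -contains $_ } | Sort-Object -Unique
'High-risk ports listening: ' + $(if ($open) { $open -join ', ' } else { 'none' })
```

A line marked CHECK is not automatically a finding; confirm it against the GUI screenshot, since a stricter value (for example a lockout duration longer than 30 minutes) also shows as CHECK.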
Database test
1) Version
2) Timeout value
3) Logins
Check whether the sa account still exists; rename or disable it. In Object Explorer open "Security" - "Logins", open the properties of the sa account, check its login properties, and tick Enforce password policy
4) Roles
5) Server roles of each role
View membership
6) Logs run from earliest to latest; the newest is "Current", followed by the archive with the smallest archive number
7) Server Properties - Security - Login auditing
Both failed and successful logins
8) Maintenance plan - daily backup
View what is backed up
9) Log File Viewer

Problems encountered when writing rectification suggestions:

Windows
1) Client connection encryption level not set: rated medium risk
2) For Windows logs, check the asset list in the security device to see whether the host is registered as an asset, then check whether that asset has logs (note this in the remarks; it is best to screenshot the search query as well). In the Windows log column you can then suggest sending the system logs to the log audit system through a log agent for storage.

Database
1) Where a SQL Server finding duplicates a Windows one, it is recommended not to repeat items such as password policy and audit policy.
2) The same applies to the database logs: check whether the security device has the corresponding asset and whether the database audit has the corresponding logs.

Application system
1) Generally, two or more authentication factors are not used for user identity authentication
2) Check whether transmission encryption is used; verify by capturing packets with Wireshark
3) Encrypted storage method: determined by asking
4) Login failure handling and login timeout are both medium risk

Source: blog.csdn.net/m0_52527037/article/details/130233897