+1 (208) 254-6996 [email protected]
  

The purpose of this assignment is to implement vulnerability and risk assessment techniques to justify implementation and enforcement of security policies.

Part 1:

Don't use plagiarized sources. Get Your Custom Essay on
Benchmark – Security Analysis And Policy Development
Just from $13/Page
Order Essay

For this assignment you will need to install the Belarc Advisor by going to the Belarc website and following the instructions provided in the “Belarc Installation, Saving, and Uploading Instructions” resource. Instructions for saving and uploading the assignment files are also included in this document. In step 10 you will complete a local system scan of your computer.

Note: If your computer utilizes an operating system other than Windows 7, Vista, or XP Pro, you will need to use the “Summary” file to complete the topic assignment rather than the local system scan outlined in step 10 of the “Belarc Installation, Saving, and Uploading Instructions.”

Use the results of the local system scan to compose a 300-word paper that discusses each section’s role in securing or protecting the scanned system. Expand each section to identify how the system passed or failed the various policies. For each section, address the following:

Identify the section and explain why the system passed or failed.

Explain the risks identified from the results.

Discuss how a threat could exploit the risks and impact the system.

Explain how the failed policies can be solved.

Part 2:

Using the “Risk Assessment Template,” list 20 risks in the “Risk” column. The risks should be failed items from the Belarc Advisor results. Complete the remaining spreadsheet columns for each identified risk. The spreadsheet must include the following:

Risk Title: Obtained from the Belarc Advisor report.

Description: Summarize the information obtained from the Belarc Advisor report hyperlink (pop-up window).

Vulnerability: Explain the vulnerability associated with this risk.

Threat: Identify potential threats that can exploit this vulnerability.

Current Safeguards: Identify if any policies or best practices are in place to reduce the likelihood the threat will be successful.

Impact: Describe the impact if threat is successful.

Severity: Measure the overall severity of the exploitation or impact.

Likelihood: Measure the likelihood a threat will be successful.

Risk Value: Measure the overall value of the risk (low = no real value is exploited; medium = dangerous if exploited; high = extremely grave if exploited).

Submit the 300-word paper, Belarc Advisor results (.xps or .pdf), and completed “Risk Assessment Template.”

Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.

This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion. 

You are not required to submit this assignment to LopesWrite.

Benchmark Information

This benchmark assignment assesses the following programmatic competencies:

MS Information Technology Management

1.5: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.

MS Information Assurance and Cybersecurity

3.2: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.

Belarc Installation, Saving, and Uploading Instructions

1. Navigate to the Belarc website using the link below.

http://www.belarc.com/free_download.html

2. Select Download (Figure 1) to install the “Belarc Advisor” free personal use license.

Figure 1

3. Click Save File. Note the location where the file is being saved (Figure 2)

Figure 2

4. Launch the file and Run the installation process (Figure 3).

Figure 3

5. Click “Continue Installing Belarc Advisor” (Figure 4).

Figure 4

6. Click “I Agree” and “Install” (Figures 5 and 6).

Figure 5

Figure 6

7. When the application prompts to check for new Advisor security definitions, simply click “No” and leave the check box cleared (Figure 7).

8.

Figure 7

9. Allow the installation to move through several screen prompts.

a. Creating a profile of the computer (Figure 8).

b. Checking for missing security updates (Figure 9).

c. Checking the local network of this computer (Figure 10).

Figure 8

Figure 9

Figure 10

10. A browser will open, displaying your local system scan results. Use this output for your Topic 2 assignment (Figure 11).

C:\Users\romeo.farinacci\OneDrive\Documents\Education\GCU\ProgramDirector\CDD\MIS-657Capture.PNG

Figure 11

Instructions to Save and Upload Files to LoudCloud

The Topic 2 assignment requires students to convert the file to either .xps or .pdf format and upload it to LoudCloud.

The following instructions have been tested using the browsers below.

· Internet Explorer 11

· Firefox 51.0 (32-bit)

Internet Explorer 11

1. Select the upper left-hand menu… File > Print.

2. Select either ‘Microsoft XPS Document Writer or PDFCreator” (or similar PDF software option) and click “Print” (Figure 12).

Figure 12

3. Save the file to an appropriate location using the following syntax lastnamefirstinitial_belarc (Figure 13).

Figure 13

4. In LoudCloud, submit both MS Word .docx file and Belarc results (.xps or .pdf) for grading.

Firefox 51.0 (32-bit)

1. In the upper right-hand, select the open-menu option, then “Print” (Figure 14).

Figure 14

2. From the print preview screen (Figure 15), click “Print” in the upper right-hand corner.

Figure 15

3. Choose the appropriate print option: Select either “Microsoft XPS Document Writer” or “PDFCreator” (or similar PDF software option) and click “Print” (Figure 16).

Figure 16

4. Save the file to an appropriate location using the following syntax lastnamefirstinitial_belarc (Figure 13 above).

5. In LoudCloud, submit both MS Word .docx file and Belarc results (.xps or .pdf) for grading.

© 2021. Grand Canyon University. All Rights Reserved.

Template

Risk Assessment Template
No.Risk TitleDescriptionVulnerabilityThreatCurrent SafeguardsImpactSeverityLikelihoodRisk Value
R0Reset Account Lockout Counter After (CCE-9400)This policy will disable an account if successive attempts to login fail within the threshold period.If not set, someone can constantly try to gain access to system until successful.Brute Force Attack by automated system.Password Complexity policy is enforced, reducing the likelihood the Brute Force attack will succeed.Some can gain full access to all data within system and any devices connected to the systems network.MediumLowLow
R1No ValueNo ValueNo Value
R2No ValueNo ValueNo Value
R3No ValueNo ValueNo Value
R4No ValueNo ValueNo Value
R5No ValueNo ValueNo Value
R6No ValueNo ValueNo Value
R7No ValueNo ValueNo Value
R8No ValueNo ValueNo Value
R9No ValueNo ValueNo Value
R10No ValueNo ValueNo Value
R11No ValueNo ValueNo Value
R12No ValueNo ValueNo Value
R13No ValueNo ValueNo Value
R14No ValueNo ValueNo Value
R15No ValueNo ValueNo Value
R16No ValueNo ValueNo Value
R17No ValueNo ValueNo Value
R18No ValueNo ValueNo Value
R19No ValueNo ValueNo Value
R20No ValueNo ValueNo Value

Sheet1

Matrix
No Value
Low
Medium
High

The license associated with the Belarc Advisor product allows for free personal use only. Use on computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server. Click here for more info. About Belarc Commercial and Government Products Back to Profile Summary Click any benchmark setting at right for documentation. Why are security benchmarks important for IT security?  Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems.  Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks.  The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats (“Security Benchmarks: A Gold Standard.” IA Newsletter, vol. 5 no. 3 Click here to view) To request a copy of our white paper, “Securing the Enterprise”, click here. What is the USGCB Benchmark?  The United States Government Configuration Baseline (USGCB) is a US Government OMB-mandated security configuration for Windows 7 and Internet Explorer 8.  Developed by DoD, with NIST assistance, the benchmark is the product of DoD consensus.  Click here for details. What are FDCC Benchmarks?  The Federal Desktop Core Configuration (FDCC) is a US Government OMB-mandated security configuration for Windows Vista and XP.  The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0.  Microsoft’s Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST.  The Windows XP FDCC is based on US Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft’s Security Guide for Internet Explorer 7.0.  Click here for details. What is the Security Benchmark Score?  The Belarc Advisor has audited the security of your computer using a benchmark appropriate to your operating system.  The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats.  The higher the number the less vulnerable your system. How can you reduce your security vulnerability?  The local group policy editor (accessed by running the gpedit.msc command) can be used to configure security settings for your computer.  Windows home editions don’t include that editor, but most security settings can also be made with registry entries instead.  Warning: Applying these security settings may cause some applications to stop working correctly.  Back up your system prior to applying these security templates or apply the templates on a test system first. For domain member computers, the benchmark configurations are available from the benchmark creator’s web site as Microsoft Group Policy Object files that can be used with Active Directory.  Follow the links above to the web site of your Benchmark’s creator.  Security Benchmark Score Details Computer Name: MIS657-LAB343 (in GCU) Profile Date: Thursday, January 26, 2017 3:52:17 PM Advisor Version: 8.5c Windows Logon: Guest.User234 Active Directory OU: GCUProd/Workstations DNS Suffix: gcu.edu Try BelManage, the Enterprise version of the Belarc Advisor Score: 0.00 of 10   (what’s this?)  = Pass  = Fail Benchmark: USGCB – Windows 7, Version 1.0.1.0  Expand all sections Account Lockout Policy Settings Section Score: 0.00 of 0.63 1. Account Lockout Duration (CCE-9308) 2. Account Lockout Threshold (CCE-9136) 3. Reset Account Lockout Counter After (CCE-9400) Password Policy Settings Section Score: 0.00 of 0.63 1. Enforce Password History (CCE-8912) 2. Maximum Password Age (CCE-9193) 3. Minimum Password Age (CCE-9330) 4. Minimum Password Length (CCE-9357) 5. Password Complexity (CCE-9370) 6. Reversible Password Encryption (CCE-9260) User Rights Assignments Section Score: 0.00 of 0.63 1. Access This Computer From The Network (CCE-9253) 2. Act As Part Of The Operating System (CCE-9407) 3. Adjust Memory Quotas For A Process (CCE-9068) 4. Log On Locally (CCE-9345) 5. Log On Through Terminal Services (CCE-9107) 6. Back Up Files and Directories (CCE-9389) 7. Bypass Traverse Checking (CCE-8414) 8. Change the System Time (CCE-8612) 9. Change the time zone (CCE-8423) 10. Create A Pagefile (CCE-9185) 11. Create A Token Object (CCE-9215) 12. Create Global Objects (CCE-8431) 13. Create Permanent Shared Objects (CCE-9254) 14. Create symbolic links (CCE-8460) 15. Debug Programs (CCE-8583) 16. Deny Access To This Computer From The Network (CCE-9244) 17. Deny Logon As A Batch Job (CCE-9212) 18. Deny Logon As A Service (CCE-9098) 19. Deny Logon Locally (CCE-9239) 20. Deny Logon Through Remote Desktop Services (CCE-9274) 21. Force Shutdown From A Remote System (CCE-9336) 22. Generate Security Audits (CCE-9226) 23. Impersonate a Client After Authentication (CCE-8467) 24. Increase a Process Working Set (CCE-9048) 25. Increase Scheduling Priority (CCE-8999) 26. Load And Unload Device Drivers (CCE-9135) 27. Lock Pages In Memory (CCE-9289) 28. Log On As A Batch Job (CCE-9320) 29. Log On As A Service (CCE-9461) 30. Manage Auditing And Security Log (CCE-9223) 31. Modify an object label (CCE-9149) 32. Modify Firmware Environment Values (CCE-9417) 33. Perform Volume Maintenance Tasks (CCE-8475) 34. Profile Single Process (CCE-9388) 35. Profile System Performance (CCE-9419) 36. Remove Computer From Docking Station (CCE-9326) 37. Replace A Process Level Token (CCE-8732) 38. Restore Files And Directories (CCE-9124) 39. Shut Down The System (CCE-9014) 40. Take Ownership Of Files Or Other Objects” (CCE-9309) Security Options Settings Section Score: 0.00 of 0.63 1. Accounts: Administrator account status (CCE-9199) 2. Accounts: Guest account status (CCE-8714) 3. Accounts: Limit local account use to blank passwords to console logon only (CCE-9418) 4. Accounts: Rename administrator account (CCE-8484) 5. Accounts: Rename guest account (CCE-9229) 6. Audit: Audit the access of global system objects (CCE-9150) 7. Audit: Audit the use of Backup and Restore privilege (CCE-8789) 8. Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings (CCE-9432) 9. Devices: Prevent users from installing printer drivers (CCE-9026) 10. Devices: Restrict CD-ROM access to locally logged-on user only” (CCE-9304) 11. Devices: Restrict floppy access to locally logged-on user only (CCE-9440) 12. Domain member: Digitally encrypt or sign secure channel data (always) (CCE-8974) 13. Domain member: Digitally encrypt secure channel data (when possible) (CCE-9251) 14. Domain member: Digitally sign secure channel data (when possible) (CCE-9375) 15. Domain member: Disable machine account password changes (CCE-9295) 16. Domain member: Maximum machine account password age (CCE-9123) 17. Domain member: Require strong (Windows 2000 or later) session key (CCE-9387) 18. Interactive logon: Do not display last user name (CCE-9449) 19. Interactive logon: Do not require CTRL ALT DEL (CCE-9317) 20. Interactive logon: Message text for users attempting to log on (CCE-8973) 21. Interactive logon: Message title for users attempting to log on (CCE-8740) 22. Interactive logon: Number of previous logons to cache (in case domain controller is not available) (CCE-8487) 23. Interactive logon: Prompt user to change password before expiration (CCE-9307) 24. Interactive logon: Require Domain Controller authentication to unlock workstation (CCE-8818) 25. Interactive logon: Smart card removal behavior (CCE-9067) 26. Microsoft network client: Digitally sign communications (always) (CCE-9327) 27. Microsoft network client: Digitally sign communications (if server agrees) (CCE-9344) 28. Microsoft network client: Send unencrypted password to third-party SMB servers (CCE-9265) 29. Microsoft network server: Amount of idle time required before suspending session (CCE-9406) 30. Microsoft network server: Digitally sign communications (always) (CCE-9040) 31. Microsoft network server: Digitally sign communications (if client agrees) (CCE-8825) 32. Microsoft network server: Disconnect clients when logon hours expire (CCE-9358) 33. Microsoft network server: SPN Target name validation (CCE-8503) 34. Network access: Allow anonymous SID-Name translation (CCE-9531) 35. Network access: Do not allow anonymous enumeration of SAM accounts (CCE-9249) 36. Network access: Do not allow anonymous enumeration of SAM accounts and shares (CCE-9156) 37. Network access: Do not allow storage of passwords and credentials for network authentication (CCE-8654) 38. Network access: Let Everyone permissions apply to anonymous users (CCE-8936) 39. Network access: Named Pipes that can be accessed anonymously – netlogon, lsarpc, samr, browser (CCE-9218) 40. Network access: Remotely accessible registry paths (CCE-9121) 41. Network access: Remotely accessible registry paths and sub paths (CCE-9386) 42. Network access: Restrict anonymous access to Named Pipes and Shares (CCE-9540) 43. Network access: Shares that can be accessed anonymously (CCE-9196) 44. Network access: Sharing and security model for local accounts (CCE-9503) 45. Network security: Allow Local System to use computer identity for NTLM (CCE-9096) 46. Network security: Allow LocalSystem NULL session fallback (CCE-8804) 47. Network Security: Allow PKU2U authentication requests to this computer to use online identities (CCE-9770) 48. Network Security: Configure encryption types allowed for Kerberos (CCE-9532) 49. Network security: Do not store LAN Manager hash value on next password changes (CCE-8937) 50. Network security: Force logoff when logon hours expire (CCE-9704) 51. Network security: LAN Manager Authentication Level (CCE-8806) 52. Network security: LDAP client signing requirements (CCE-9768) 53. Network security: Minimum session security for NTLM SSP based (including secure RPC) clients (CCE-9534) 54. Network security: Minimum session security for NTLM SSP based (including secure RPC) servers (CCE-9736) 55. Recovery Console: Allow Automatic Administrative Logon (CCE-8807) 56. Recovery Console: Allow Floppy Copy and Access to All Drives and All Folders (CCE-8945) 57. Shutdown: Allow System to be Shut Down Without Having to Log On (CCE-9707) 58. Shutdown: Clear Virtual Memory Pagefile (CCE-9222) 59. System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (CCE-9266) 60. System objects: Require case insensitivity for non-Windows subsystems (CCE-9319) 61. System objects: Strengthen default permissions of internal system objects (CCE-9191) 62. User Account Control: Admin Approval Mode for the Built-in Administrator account (CCE-8811) 63. User Account Control: Allow UIAccess application to prompt for elevation without using the secure desktop (CCE-9301) 64. User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (CCE-8958) 65. User Account Control: Behavior of the elevation prompt for standard users (CCE-8813) 66. User Account Control: Detect application installations and prompt for elevation (CCE-9616) 67. User Account Control: Only elevate executables that are signed and validated (CCE-9021) 68. User Account Control: Only elevate UIAccess applications that are installed in secure locations (CCE-9801) 69. User Account Control: Run all administrators in Admin Approval Mode (CCE-9189) 70. User Account Control: Switch to the secure desktop when prompting for elevation (CCE-9395) 71. User Account Control: Virtualize file and registry write failures to per-user locations (CCE-8817) 72. MSS: (AutoAdminLogon) Enable Automatic Logon (Not Recommended) (CCE-9342) 73. MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) (CCE-9496) 74. MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) (CCE-8655) 75. MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes (CCE-8513) 76. MSS: (Hidden) Hide computer from the browse list (Not Recommended except for highly secure environments) (CCE-8560) 77. MSS: (KeepAliveTime)How often keep-alive packets are sent in milliseconds (CCE-9426) 78. MSS: (NoDefaultExempt) Enable NoDefaultExempt for IPSec Filtering (recommended) (CCE-9439) 79. MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers (CCE-8562) 80. MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure DefaultGateway addresses (could lead to DoS) (CCE-9458) 81. MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended) (CCE-9348) 82. MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended) (CCE-8591) 83. MSS: (TCPMaxDataRetransmissions) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9456) 84. MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 is default) (CCE-9487) 85. MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning (CCE-9501) System Services Settings Section Score: 0.00 of 0.63 1. Bluetooth Support Service (CCE-10661) 2. Fax Service (CCE-10150) 3. HomeGroup Listener (CCE-10543) 4. Homegroup Provider (CCE-9910) 5. Media Center Extender (CCE-10699) 6. Parental Controls Service (CCE-10311) Audit Policy Settings Section Score: 0.00 of 0.63 1. Application Group Management (CCE-8822) 2. Computer Account Management (CCE-9498) 3. Distribution Group Management (CCE-9644) 4. Other Account Management Events (CCE-9657) 5. Security Group Management (CCE-9692) 6. User Account Management (CCE-9542) 7. DPAPI Activity (CCE-9735) 8. Process Creation (CCE-9562) 9. Process Termination (CCE-9227) 10. RPC Events (CCE-9492) 11. Detailed Directory Service Replication (CCE-9628) 12. Directory Service Access (CCE-9765) 13. Directory Service Changes (CCE-9734) 14. Directory Service Replication (CCE-9637) 15. Account Lockout (CCE-8853) 16. IPsec Extended Mode (CCE-9661) 17. IPsec Main Mode (CCE-10939) 18. IPsec Quick Mode (CCE-9632) 19. Logoff (CCE-8856) 20. Logon (CCE-9683) 21. Other Logon/Logoff Events (CCE-9622) 22. Special Logon (CCE-9763) 23. Application Generated (CCE-9816) 24. Certification Services (CCE-9460) 25. File Share (CCE-9376) 26. File System (CCE-9217) 27. Filtering Platform Connection (CCE-9728) 28. Filtering Platform Packet Drop (CCE-9133) 29. Handle Manipulation (CCE-9789) 30. Kernel Object (CCE-9803) 31. Other Object Access Events (CCE-9455) 32. Registry (CCE-9737) 33. SAM (CCE-9856) 34. Audit Policy Change (CCE-10021) 35. Authentication Policy Change (CCE-9976) 36. Authorization Policy Change (CCE-9633) 37. Filtering Platform Policy Change (CCE-9902) 38. MPSSVC Rule-Level Policy Change (CCE-9153) 39. Other Policy Change Events (CCE-9596) 40. Non Sensitive Privilege Use (CCE-9190) 41. Other Privilege Use Events (CCE-9988) 42. Sensitive Privilege Use (CCE-9878) 43. IPsec Driver (CCE-9925) 44. Other System Events (CCE-9586) 45. Security State Change (CCE-9850) 46. Security System Extension (CCE-9863) 47. System Integrity (CCE-9520) Computer Configuration – Administrative Templates – Network Connections Section Score: 0.00 of 0.63 1. Turn on Mapper I/O (LLTDIO) driver (CCE-9783) 2. Turn on Responder (RSPNDR) driver (CCE-10059) 3. Turn Off Microsoft Peer-to-Peer Networking Services (CCE-10438) 4. Prohibit installation and configuration of Network Bridge on your DNS domain network (CCE-9953) 5. Require Domain users to elevate when setting a networks location (CCE-10359) 6. Route all traffic through the internal network (CCE-10509) 7. _6to4 State (CCE-10266) 8. ISATAP State (CCE-10130) 9. Teredo State (CCE-10011) 10. IP HTTPS (CCE-10764) 11. Configuration of Wireless Settings Using Windows Connect Now (CCE-9879) 12. Prohibit Access of the Windows Connect Now Wizards (CCE-10778) 13. Extend point and print connection to search Windows update and use alternate connection if needed (CCE-10782) Computer Configuration – Administrative Templates – System Settings Section Score: 0.00 of 0.63 1. Allow remote access to the PnP interface (CCE-10769) 2. Do not send a Windows Error Report when a generic driver is installed on a device (CCE-9901) 3. Prevent creation of a system restore point during device activity that would normally promp creation of a restore point. (CCE-10553) 4. Prevent device metadata retrieval from the internet (CCE-10165) 5. Specify search order for device driver source locations (CCE-9919) 6. Registry Policy (CCE-9361) 7. Turn off downloading of print drivers over HTTP (CCE-9195) 8. Turn off event views (Events.asp) links (CCE-9819) 9. Turn off handwriting personalization data sharing (CCE-10645) 10. Turn off handwriting recognition error reporting (CCE-10645) 11. Turn off Internet connection wizard if URL connection is referring to Microsoft.com (CCE-10649) 12. Turn off Internet download for Web publishing and online ordering wizards (CCE-9674) 13. Turn off Internet file association service (CCE-10795) 14. Turn off printing over HTTP (CCE-10061) 15. Turn off registration if URL connection is referring to Microsoft.com (CCE-10160) 16. Turn off Search Companion content file updates (CCE-10140) 17. Turn off the Order Prints picture task (CCE-9823) 18. Turn off the Publish to Web task for files and folders (CCE-9643) 19. Turn off the Windows Messenger Customer Experience Improvement Program (CCE-9559) 20. Turn Off Windows Error Reporting (CCE-10441) 21. Always Use Classic Logon (CCE-10591) 22. Do not process the run once list (CCE-10154) 23. Require a Password when a Computer Wakes (On Battery) (CCE-9829) 24. Require a Password when a Computer Wakes (Plugged) (CCE-9670) 25. Offer Remote Assistance (CCE-9960) 26. Solicited Remote Assistance (CCE-9506) 27. Turn on session logging (CCE-10344) 27. Restrictions for Unauthenticated RPC clients (CCE-9396) 29. RPC Endpoint Mapper Client Authentication (CCE-10181) Computer Configuration – Administrative Templates – System – Troubleshooting and Diagnostics Section Score: 0.00 of 0.63 1. Microsoft support diagnostic tool: turn on msdt interactive communication with support provider (CCE-9842) 2. Troubleshooting: allow user to access online troubleshooting content on Microsoft server from the troubleshooting control panel (CCE-10606) 3. Enable or disable perftrack (CCE-10219) Computer Configuration – Administrative Templates – Windows Components Section Score: 0.00 of 0.63 1. Confidure Windows NTP client (CCE-10500) 2. Turn off program inventory (CCE-10787) 3. Default behavior for autorun (CCE-10527) 4. Turn off Autoplay (CCE-9528) 5. Turn off autoplay for non volume devices (CCE-10655) 6. Enumerate administrator accounts on elevation (CCE-9938) 7. Do not allow digital locker to run (CCE-10759) 8. Override the More Gadgets Lnk (CCE-9857) 9. Disable unpacking and installation of gadgets that are not digitally signed (CCE-10811) 10. Turn Off User Installed Windows Sidebar Gidgets (CCE-10586) 11. Maximum Application Log Size (CCE-9603) 12. Maximum Security Log Size (CCE-9967) 13. Maximum Setup Log Size (CCE-10714) 14. Maximum Setup Log Size (CCE-10156) 15. Turn Off Downloading of Game Information (CCE-10828) 16. Turn off game updates (CCE-10850) 17. Prevent the computer from joining a Homegroup (CCE-10183) 18. Disable remote desktop sharing (CCE-10763) 19. Do not allow passwords to be saved (CCE-10090) 20. Allow users to connect remotely using Remote Desktop Services (CCE-9985) 21. Always prompt client for password upon connection (CCE-10103) 22. Set client connection encryption level (CCE-9764) 23. Set a time limit for active but idle Terminal Services sessions (CCE-10608) 24. Set a time limit for disconnected sessions (CCE-9858) 25. Do not delete temp folders upon exit (CCE-10856) 26. Do not use temporary folders per session (CCE-9864) 27. Turn off downloading of enclosures (CCE-10730) 28. Allow indexing of encrypted files (CCE-10496) 29. Enable indexing uncached Exchange folders (CCE-9866) 30. Prevent Windows anytime upgrade from running (CCE-10137) 31. Configure Microsoft SpyNet Reporting (CCE-9868) 32. Disable Logging (CCE-10157) 33. Disable Windows Error Reporting (CCE-9914) 34. Display Error Notification (CCE-10709) 35. Do Not Send Additional Data (CCE-10824) 36. Turn off data execution prevention for explorer (CCE-9918) 37. Turn off Heap termination on corruption (CCE-9874) 38. Turn off shell protocol protected mode (CCE-10623) 39. Disable IE security prompt for Windows Installer scripts (CCE-9875) 40. Enable user control over installs (CCE-9876) 41. Prohibit non-administrators from applying vendor signed updates (CCE-9888) 42. Report Logon Server Not Available During User logon (CCE-9907) 43. Turn off the communities features (CCE-11252) 44. windows_mail_application_manual_launch_permitted_var (CCE-10882) 45. Prevent Windows Media DRM Internet Access (CCE-9908) 46. Do Not Show First Use Dialog Boxes (CCE-10692) 47. Prevent Automatic Updates (CCE-10602) 48. Configure automatic updates (CCE-9403) 49. Reschedule automatic updates scheduled installation (CCE-10205) 50. No auto restart with logged on users for scheduled automatic updates installations (CCE-9672) 51. Do not display ‘Install updates and shut down option’ in shut down windows dialog box (CCE-9464) 52. Games are not installed 53. Internet Information Services 54. Simple TCPIP Services 55. Telnet Client 56. Telnet Server 57. TFTP Client 58. Windows Media Center Security Patches Section Score: 0.00 of 0.63 1. Security Patches Up-To-Date Windows Firewall Inbound Rules Section Score: 0.00 of 0.63 1. Core Networking – Dynamic Host Configuration Protocol (DHCP-In) (CCE-14986) 2. Core Networking – Dynamic Host Configuration Protocol (DHCPV6-In) (CCE-14854) Windows Firewall with Advanced Security – Domain Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-10502) 2. Logged Successful Connections (CCE-10268) 3. Name (CCE-10022) 4. Size Limit (CCE-9747) 5. Display a Notification (CCE-9774) 6. Apply Local Connection Security Rules (CCE-9329) 7. Apply Local Firewall Rules (CCE-9686) 8. Allow Unicast Response (CCE-9069) 9. Firewall state (CCE-9465) 10. Inbound Connections (CCE-9620) 11. Outbound Connections (CCE-9509) Windows Firewall with Advanced Security – Private Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-10215) 2. Logged Successful Connections (CCE-10611) 3. Name (CCE-10386) 4. Size Limit (CCE-10250) 5. Display a Notification (CCE-8884) 6. Apply Local Connection Security Rules (CCE-9712) 7. Apply Local Firewall Rules (CCE-9663) 8. Allow Unicast Response (CCE-9522) 9. Firewall state (CCE-9739) 10. Inbound Connections (CCE-9694) 11. Outbound Connections (CCE-8870) Windows Firewall with Advanced Security – Public Profile Section Score: 0.00 of 0.63 1. Log Dropped Packets (CCE-9749) 2. Logged Successful Connections (CCE-9753) 3. Name (CCE-9926) 4. Size Limit (CCE-10373) 5. Display a Notification (CCE-9742) 6. Apply Local Connection Security Rules (CCE-9817) 7. Apply Local Firewall Rules (CCE-9786) 8. Allow Unicast Response (CCE-9773) 9. Firewall state (CCE-9593) 10. Inbound Connections (CCE-9007) 11. Outbound Connections (CCE-9588) Internet Explorer 8 – Local Computer Policy Section Score: 0.00 of 0.63 1. Disable Configuring History – Local Computer (CCE-10387) 2. Disable Changing Automatic Configuration Settings – Local Computer (CCE-10638) 3. Do Not Allow Users to enable or Disable Add-Ons – Local Computer (CCE-10235) 4. Make proxy settings per-machine (rather than per-user) – Local Computer (CCE-9870) 5. Prevent participation in the Customer Experience Improvement Programs – Local Computer (CCE-10522) 6. Prevent performance of First Run Customize settings – Local Computer (CCE-10641) 7. Security Zones: Do Not Allow Users to Add/Delete Sites – Local Computer (CCE-10394) 8. Security Zones: Do Not Allow Users to Change Policies – Local Computer (CCE-10037) 9. Security Zones: Use Only Machine Settings – Local Computer (CCE-10096) 10. Turn Off Crash Detection – Local Computer (CCE-10594) 11. Turn Off Managing SmartScreen Filter – Local Computer (CCE-9973) 12. Turn Off the Security Settings Check Feature – Local Computer (CCE-10607) 13. Include updated Web site lists from Microsoft – Local Computer (CCE-10603) 14. Configure Delete Browsing History on exit – Local Computer (CCE-10590) 15. Prevent Deleting Web sites that the User has Visited – Local Computer (CCE-10110) 16. Turn off InPrivate Browsing – Local Computer (CCE-9885) 17. Allow Active Content from CDs to Run on User Machine – Local Computer (CCE-10293) 18. Allow Software to Run or Install Even if the Signature is Invalid – Local Computer (CCE-10052) 19. Allow Third-Party Browser Extensions – Local Computer (CCE-9905) 20. Automatically Check for Internet Explorer Updates – Local Computer (CCE-10581) 21. Check for Server Certificate Revocation – Local Computer (CCE-10074) 22. Check for signatures on downloaded programs – Local Computer – variable (CCE-10055) 23. Intranet Sites: Include all network paths (UNCs) – Local Computer (CCE-9660) 24. Access Data Sources Across Domains – Internet Zone – Local Computer (CCE-10380) 25. Allow cut, copy or paste operations from the clipboard via script – Internet Zone – Local Computer (CCE-10002) 26. Allow drag and drop or copy and paste files – Internet Zone – Local Computer (CCE-10033) 27. Allow Font Downloads – Internet Zone – Local Computer (CCE-10403) 28. Allow installation of desktop items – Internet Zone – Local Computer (CCE-9790) 29. Allow scripting of Internet Explorer web browser control – Internet Zone – Local Computer (CCE-9779) 30. Allow script-initiated windows without size or position constraints – Internet Zone – Local Computer (CCE-9882) 31. Allow Scriptlets – Internet Zone – Local Computer (CCE-10685) 32. Allow status bar updates via script – Internet Zone – Local Computer (CCE-9750) 33. Automatic prompting for file downloads – Internet Zone – Local Computer (CCE-10389) 34. Download signed ActiveX controls – Internet Zone – Local Computer (CCE-9917) 35. Download unsigned ActiveX controls – Internet Zone – Local Computer (CCE-10433) 36. Include local directory path when uploading files to a server – Internet Zone – Local Computer (CCE-10646) 37. Initialize and script ActiveX controls not marked as safe – Internet Zone – Local Computer (CCE-10561) 38. Java permissions – Internet Zone – Local Computer (CCE-10182) 39. Launching applications and files in an IFRAME – Internet Zone – Local Computer (CCE-9821) 40. Launching programs and unsafe files – Internet Zone – Local Computer (CCE-10650) 41. Logon Options – Internet Zone – Local Computer (CCE-10472) 42. Loose XAML files – Internet Zone – Local Computer (CCE-10672) 43. Navigate windows and frames across different domains – Internet Zone – Local Computer (CCE-9865) 44. Only allow approved domains to use ActiveX controls without prompt – Internet Zone – Local Computer (CCE-9793) 45. Open files based on content, not file extension – Internet Zone – Local Computer (CCE-10107) 46. Run .NET Framework-reliant components not signed with Authenticode – Internet Zone – Local Computer (CCE-10515) 47. Run .NET Framework-reliant components signed with Authenticode – Internet Zone – Local Computer (CCE-10625) 48. Software channel permissions – Internet Zone – Local Computer (CCE-10425) 49. Turn Off First-Run Opt-In – Internet Zone – Local Computer (CCE-10434) 50. Turn on Cross-Site Scripting (XSS) Filter – Internet Zone – Local Computer (CCE-10276) 51. Turn On Protected Mode – Internet Zone – Local Computer (CCE-10676) 52. Use Pop-up Blocker – Internet Zone – Local Computer (CCE-10486) 53. Userdata Persistence – Internet Zone – Local Computer (CCE-10200) 54. Web sites in less privileged Web content zones can navigate into this zone – Internet Zone – Local Computer (CCE-10622) 55. Java permissions – Intranet Zone – Local Computer (CCE-10566) 56. Java permissions – Local Machine Zone – Local Computer (CCE-10319) 57. Download Signed ActiveX Controls – Locked Down Internet Zone – Local Computer (CCE-10095) 58. Java permissions – Locked Down Internet Zone – Local Computer (CCE-10597) 59. Java permissions – Locked Down Intranet Zone – Local Computer (CCE-10342) 60. Java permissions – Locked Down Local Machine – Local Computer (CCE-10535) 61. Java permissions – Locked Down Restricted Sites Zone – Local Computer (CCE-10275) 62. Java permissions – Locked Down Trusted Sites Zone – Local Computer (CCE-10654) 63. Access Data Sources Across Domains – Restricted Sites Zone – Local Computer (CCE-10525) 64. Allow Active Scripting – Restricted Sites Zone – Local Computer (CCE-10393) 65. Allow Binary and Script Behaviors – Restricted Sites Zone – Local Computer (CCE-10547) 66. Allow cut, copy or paste operations from the clipboard via script – Restricted SitesZone – Local Computer (CCE-10539) 67. Allow drag and drop or copy and paste files – Restricted Sites Zone – Local Computer (CCE-9667) 68. Allow File Downloads – Restricted Sites Zone – Local Computer (CCE-10466) 69. Allow Font Downloads – Restricted Sites Zone – Local Computer (CCE-9982) 70. Allow installation of desktop items – Restricted Sites Zone – Local Computer (CCE-10475) 71. Allow scripting of Internet Explorer web browser control – Restricted Sites Zone – Local Computer (CCE-10725) 72. Allow META REFRESH – Restricted Sites Zone – Local Computer (CCE-10664) 73. Allow script-initiated windows without size or position constraints – Restricted Sites Zone – Local Computer (CCE-9814) 74. Allow Scriptlets – Restricted Sites Zone – Local Computer (CCE-10630) 75. Allow status bar updates via script – Restricted Sites Zone – Local Computer (CCE-10431) 76. Automatic prompting for file downloads – Restricted Sites Zone – Local Computer (CCE-9959) 77. Download signed ActiveX controls – Restricted Sites Zone – Local Computer (CCE-10470) 78. Download unsigned ActiveX controls – Restricted Sites Zone – Local Computer (CCE-10461) 79. Include local directory path when uploading files to a server – Restricted Sites Zone – Local Computer (CCE-9781) 80. Initialize and script ActiveX controls not marked as safe – Restricted Sites Zone – Local Computer (CCE-10347) 81. Java permissions – Restricted Sites Zone – Local Computer (CCE-10620) 82. Launching applications and files in an IFRAME – Restricted Sites Zone – Local Computer (CCE-10360) 83. Launching programs and unsafe files – Restricted Sites Zone – Local Computer (CCE-10744) 84. Logon Options – Restricted Sites Zone – Local Computer (CCE-10651) 85. Loose XAML files – Restricted Sites Zone – Local Computer (CCE-10178) 86. Navigate sub-frames across different domains – Restricted Sites Zone – Local Computer (CCE-10642) 87. Only allow approved domains to use ActiveX controls without prompt – Restricted Sites Zone – Local Computer (CCE-9832) 88. Open files based on content, not file extension – Restricted Sites Zone – Local Computer (CCE-10277) 89. Run .NET Framework-reliant components not signed with Authenticode – Restricted Sites Zone – Local Computer (CCE-9898) 90. Run .NET Framework-reliant components signed with Authenticode – Restricted Sites Zone – Local Computer (CCE-9673) 91. Run ActiveX controls and plugins – Restricted Sites Zone – Local Computer (CCE-9792) 92. Script ActiveX controls marked safe for scripting – Restricted Sites Zone – Local Computer (CCE-10554) 93. Scripting of Java Applets – Restricted Sites Zone – Local Computer (CCE-10083) 94. Software channel permissions – Restricted Sites Zone – Local Computer (CCE-9669) 95. Turn Off First-Run Opt-In – Restricted Sites Zone – Local Computer (CCE-10420) 96. Turn on Cross-Site Scripting (XSS) Filter – Restricted Sites Zone – Local Computer (CCE-10105) 97. Turn On Protected Mode – Restricted Sites Zone – Local Computer (CCE-9945) 98. Use Pop-up Blocker – Restricted Sites Zone – Local Computer (CCE-10094) 99. Userdata Persistence – Restricted Sites Zone – Local Computer (CCE-9760) 100. Web sites in less privileged Web content zones can navigate into this zone – Restricted Sites Zone – Local Computer (CCE-10609) 101. Java permissions – Trusted Sites Zone – Local Computer (CCE-10696) 102. Turn Off changing the URL to be displayed for checking updates to Internet Explorer and Internet Tools – Local Computer (CCE-10595) 103. Turn Off Configuring the Update Check Interval (In Days) – Local Computer (CCE-9776) 104. Internet Explorer Processes – Consistent Mime Handling – Local Computer (CCE-10138) 105. Internet Explorer Processes – Mime Sniffing Safety Feature – Local Computer (CCE-10635) 106. Internet Explorer Processes – MK Protocol Security Restriction – Local Computer (CCE-10265) 107. Internet Explorer Processes – Protection From Zone Elevation – Local Computer (CCE-10574) 108. Internet Explorer Processes – Restrict ActiveX Install – Local Computer (CCE-10405) 109. Internet Explorer Processes – Restrict File Download – Local Computer (CCE-10578) 110. Internet Explorer Processes – Scripted Window Security Restrictions – Local Computer (CCE-10604) Copyright 2000-2016, Belarc, Inc. All rights reserved. Legal notice. U.S. Patents 8473607, 6085229, 5665951 and Patents pending.

Order your essay today and save 10% with the discount code ESSAYHELP