Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: FDCC Audit FIle Question

from [jfvanmeter] Network Security [Permanent Link]
Subject: RE: FDCC Audit FIle Question
Date: Tue, 27 Nov 2007 22:25:57 +0000 
Hello Mehul, thank you for the information, can you please send me the link  to 
the document that contains the statement that   Deny logon through Terminal 
Services should "only"  be denied to the Guests  group. 

Secutor Prime also reported the same problem, once Threat Guard was aware of 
the issue Secutor Prime was  corrected so that it did not fail a check because 
additional user account were restricted using the various deny user rights in 
group policy. 

The FDCC Q3 2007 XP Group Policy requires  a password length of 12 , if  the 
organization requires a password length of 24  that check would fail.  Secutor 
Prime  use to fail this check until it  was correct so that the check  passes 
if its  12 or greater.

Best Regards --John


 -------------- Original message ----------------------
From: "Mehul" <mrevankar@tenablesecurity.com>

 > When I scan the same workstation with Nessus and the 

FDCC_Desktops_v90.audit., I get ten failures.

As an example the file checks 

<item> 
    name: "Deny log on through Terminal Services"
    value: "Guests"
</item>

The report shows the following

"Denied Logon Through Terminal Services" : [FAILED]

Remote value: "guests" | "renamed_guest"
Policy value: "Guests"



As per the FDCC guideline "Deny logon through Terminal Services" should only
be denied to "Guests". The 
FDCC checks within the .audit files are so designed, that they will pass
only if the settings on the remote system are "exactly" the same as
recommended
by the FDCC guideline. We have tested these against Virtual hard disks
published by NIST on the CSRC-FDCC website and can be downloaded from the
link below :

http://fdcc.nist.gov/download_fdcc.html

We have also published the results of our scan on our blog :

http://blog.tenablesecurity.com/2007/09/using-nessus-co.html

 

Is there a way that check can be written to look for "Guests" 
, but not fail if I place addational restrict on other groups 
or users?



Not at this time, but our future version of compliance checks will be able
support this kind of operation. We expect to release it in Q1 next year.

- Mehul



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Solaris local checks - installed patches, darko.gavrilovic@utoronto.ca
Next by Date:  RE: FDCC Audit FIle Question, Mehul
Previous by Thread:  RE: FDCC Audit FIle Question, Mehul
Next by Thread:  RE: FDCC Audit FIle Question, Mehul
Indexes:  [Date] [Thread] [Top] [All Lists]