RE: FDCC Audit FIle Question

Subject: RE: FDCC Audit FIle Question
Date: Wed, 28 Nov 2007 18:17:17 +0000

 -------------- Original message ----------------------
From: "Mehul" <mrevankar@tenablesecurity.com>
 
Hello Mehul, thank you for the information, can you please 
send me the link to the document that contains the statement 
that Deny logon through Terminal Services should "only" be 
denied to the Guests group. 

John,

The settings are listed in an Excel sheet which can be downloaded from 
here http://fdcc.nist.gov/FDCC-SCAP-Content-Test-v1-0-1.xls or the .inf 
file included with the GPOs
(http://fdcc.nist.gov/FDCC-Q3-2007-Final-GPO-20070730.zip).
Although I don't think there is harm in having additional members on Deny
user right settings. I think this is best handled by editing the .audit file
on your side.

So, e.g., in your case, you may want to edit the .audit file as follows.

Thanks Mehul, that's exactly what I did this morning. I was hoping that there was 
a fix for the .audit file like Threat Guard did with Secutor Prime.

Take Care and Have Fun --John
 
<item> 
      name: "Deny log on through Terminal Services"
      value: "Guests" | "renamed_guest"
</item>


Secutor Prime also reported the same problem. Once Threat 
Guard was aware of the issue, Secutor Prime was corrected so 
that it did not fail a check because additional user accounts 
were restricted using the various deny user rights in group policy. 

As I said earlier, our next version of compliance checks will be much
more flexible in handling such type of operations. But for now, this 
should be handled by editing the .audit file.

The FDCC Q3 2007 XP Group Policy requires a password length 
of 12; if the organization requires a password length of 24, 
that check would fail. Secutor Prime used to fail this 
check until it was corrected so that the check passes if it's 
12 or greater.

I made some changes to the .audit file so that system settings (passwd length,
passwd age etc...) will be much more tolerant
if the settings are stricter than the FDCC recommended settings. It should
be up on the portal in a couple of hours.
  
Thanks

- Mehul
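
The "pass if stricter than the baseline" behaviour discussed in this thread, sketched in Python as an added example; it is not code from the thread, from Nessus or from Secutor Prime. All names, the 60-day password age baseline and the host values are constructed for illustration, and the example assumes the Windows convention that a maximum password age of 0 means the password never expires.

```python
from dataclasses import dataclass

# Which direction counts as "at least as strict" for a setting (hypothetical names).
AT_LEAST, AT_MOST, SUPERSET = "at_least", "at_most", "superset"

@dataclass(frozen=True)
class Check:
    name: str
    mode: str
    baseline: object
    unlimited: object = None  # observed value meaning "no limit"; always fails

def _norm(principals):
    # Windows account and group names compare case-insensitively.
    return {p.strip().casefold() for p in principals}

def evaluate(check, observed, tolerant=True):
    """True if `observed` satisfies `check`; tolerant=False demands an exact match."""
    if check.mode == SUPERSET:
        # Deny rights: every required principal must be present, extras are fine.
        want, have = _norm(check.baseline), _norm(observed)
        return want <= have if tolerant else want == have
    if check.unlimited is not None and observed == check.unlimited:
        return False  # e.g. max password age 0 is numerically low but not strict
    if not tolerant:
        return observed == check.baseline
    if check.mode == AT_LEAST:
        return observed >= check.baseline
    if check.mode == AT_MOST:
        return observed <= check.baseline
    raise ValueError(f"unknown mode: {check.mode}")

def audit(baseline, host, tolerant=True):
    return {c.name: evaluate(c, host[c.name], tolerant) for c in baseline}

# Constructed baseline and host values, for illustration only.
BASELINE = [
    Check("Minimum password length", AT_LEAST, 12),
    Check("Maximum password age (days)", AT_MOST, 60, unlimited=0),
    Check("Deny log on through Terminal Services", SUPERSET, ["Guests"]),
]
HOST = {
    "Minimum password length": 24,
    "Maximum password age (days)": 30,
    "Deny log on through Terminal Services": ["Guests", "renamed_guest"],
}

if __name__ == "__main__":
    print("exact   :", audit(BASELINE, HOST, tolerant=False))
    print("tolerant:", audit(BASELINE, HOST, tolerant=True))
```

With exact matching all three constructed settings fail even though each is stricter than the baseline; with direction-aware comparison they pass, while a missing Guests entry or a never-expiring password still fails.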

