The Microsoft Windows NT SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. Sites are required to secure the Microsoft Windows NT operating system in accordance with DoD Directive 8500.1, Section 4.18. The checks in this document were developed from the DISA and NSA guidelines specified in that reference. Additionally, the review ensures that the site has properly installed and implemented the Windows NT operating system and that it is being managed in a way that is secure, efficient, and effective. The items reviewed are based on standards and requirements published by DISA in the Security Handbook and in other DoD policy and regulations. The results of the SRR scripts correspond to the Windows NT SRR Checklist using the following status codes: F - Finding, N/F - Not a Finding, N/A - Not Applicable, MR - Manual Review, or NR - Not Reviewed.
This document is designed to instruct the reviewer on how to assess both the workstation and server configurations. In addition, the procedures account for the optional domain-controller configuration of devices running Windows NT Server.
The Windows NT Security Checklist is composed of five major sections and four appendices:
- Section 1: This section contains summary information about the sections and appendices that comprise the Windows NT Security Checklist, and defines its scope. Supporting documents consulted are listed in this section.
- Section 2: This section is the matrix that allows the reviewer to document vulnerabilities discovered during the SRR process. Section 2A is used for a review done using the WinBatch SRR scripts. Section 2B is used for manual SRRs. The entries in this table, sorted by Potential Discrepancy Item (PDI), are mapped to procedures (referenced by paragraph number) in Sections 3, 4, and 5.
- Section 3: This section contains the administrative issues that are discussed between the reviewer and the System Administrator or the Information Systems Security Officer (ISSO). The interview outlined in this section may be performed independently of the technical review discussed in Sections 4 and 5.
- Section 4: This section documents the procedures that instruct the reviewer on how to perform an SRR using the automation scripts, and how to interpret the script output for vulnerabilities. Each procedure maps to a PDI tabulated in Section 2.
- Section 5: This section documents the procedures that instruct the reviewer on how to perform an SRR manually, and how to interpret the program output for vulnerabilities. Each procedure maps to a PDI tabulated in Section 2.
- Appendix A: This appendix documents the allowed Access Control Lists (ACLs) for file and registry objects. The tables contained in this appendix are referenced in Sections 4 and 5.
- Appendix B: This appendix documents procedures for checking compliance with specific IAVM notices applicable to Windows NT.
- Appendix C: This appendix documents the WinBatch scripts used to perform an SRR. The scripts documented here are referenced in Section 4.
- Appendix D: This appendix documents the procedures for using the 'John the Ripper' password integrity utility.