BANYAN VINES CHECKLIST

Fileserver(s) Location(s) _____________________________________________________

Fileserver(s) Make/Model Number, Configuration and Peripherals Attached


PHYSICAL SECURITY    YES    NO
Are the individual machine's keys securely stored?  
Does the server console have an active password for access?   
Is the fileserver contained in a locked room/repository?  
Is the fileserver protected against inadvertent/advertent tampering by unauthorized personnel?
Is the fileserver under visual access?  

BANYAN VINES GENERAL CONFIGURATION
Maximum password age: expire in 12 weeks?   
Minimum password length: at least 6 characters?
Force password change on expiration? YES
Users are prevented from editing their own login profile? YES   
Users are able to change their own password?  YES  
The maximum number of stations that a user may be logged into at any given time is 1? YES   
Group membership is consistent with need-to-know?  
GUEST/Default accounts have been disabled/removed?   
Auditing Enabled for Logon/Logoff (Success and Failure)  
Individual user security settings default to GROUP? YES  
A written justification exists for any user not adhering to group level security? YES  
For non-user IDs (such as Sample Profiles, PC Print logins, etc.), the Disable Mailbox setting is set to YES?
A written justification exists for any user ID not adhering to the setting identified in this checklist?   
User login confined to specific days and times?  
Users forcibly logged out after authorized hours?  
Users confined to specific workstations?
User login levels appropriate to the user?  
Are all members of the AdminList Mission System Administrators, individuals with a "need to know", or otherwise allowed admin access?
AdminList does not appear as an item in the server-level AdminList?
 
REMOTE ACCESS CONFIGURATION
Modems are turned off when not in use?  
Dial-in access list created for each server (if applicable)?  
Modems with dial-in access are not attached to workstations connected to the LAN.  
Dial-in modem connections are mediated through the use of a firewall.  
Default passwords for remote software removed/changed?   

INTERNETWORK ACCESS

  
Console password distribution is limited on a "need to know" basis?  
Internetwork Access Lists have been established, with levels of access defined?  

NETPRO REPORT STANDARDS

  
The "USERSEC.REP" report is run every week and all user security settings verified?  
The "MAILOLD.REP" report is run every two weeks and all invalid ST names removed?  
The "SERVERS.REP" report is run monthly and the information provided verified?  
 

LOGGING/AUDIT TRAIL

  
StreetTalk and User Access reports generated?  
Log reports printed weekly?  
Log reports archived and retained for 6 months?  

ATTRIBUTES

  
Sharing attribute is OFF?  

PRINTERS

  
AdminList of the print server is restricted?  

ACCESS RIGHTS LIST STANDARDS

  
The rights assignments for Program file services are configured properly?  
The rights assignments for Users file services are configured properly?  

System Administrator Signature: _______________________________________ Date: ______