Belarc Advisor Security Benchmark Summary

The license associated with the Belarc Advisor product allows for free personal use only. Use on multiple computers in a corporate, educational, military or government installation is prohibited. See the license agreement for details. The information on this page was created locally on your computer by the Belarc Advisor. Your computer profile was not sent to a web server.

About Belarc

System Management Products

Back to Profile Summary


CIS Benchmark Score Details
Computer Name:	Oooo (in MYWORKGROUP)
Profile Date:	Wednesday, October 24, 2007 4:45:14 PM
Advisor Version:	7.2a
Windows Logon:	Jooo


Click here for Belarc's security products, for large and small companies.

Advisor Security Definitions Are Out Of Date.
Click here for the latest definitions.


Score:	3.13 of 10 (scoring rules...)	= Pass = Fail
Benchmark:	CIS WinXP Legacy, Version 1.3	= Pass = Fail


Service Packs and Hotfixes
	Current Service Pack			Section Score: 1.25 of 1.25
		1.	Latest Service Pack

	Critical and Security Hotfixes			Section Score: 1.25 of 1.25
		1.	Latest Critical and Security Hotfixes

Account and Audit Policies
	Password Policies			Section Score: 0.00 of 0.83
		1.	Current Password Ages
		2.	Minimum Password Length

	Audit and Account Policies			Section Score: 0.00 of 0.83
		1.	Audit Account Logon Events
		2.	Audit Account Management
		3.	Audit Logon Events
		4.	Audit Object Access
		5.	Audit Policy Change
		6.	Audit Privilege Use
		7.	Audit System Events
		8.	Minimum Password Age
		9.	Maximum Password Age
		10.	Password Complexity
		11.	Store Passwords using Reversible Encryption
		12.	Password History Size
		13.	Account Lockout Duration
		14.	Account Lockout Threshold
		15.	Reset Account Lockout Count Time

	Event Log Policies			Section Score: 0.00 of 0.83
		1.	Application Event Log: Maximum Size
		2.	Application Event Log: Restrict Guest Access
		3.	Security Event Log: Maximum Size
		4.	Security Event Log: Restrict Guest Access
		5.	System Event Log: Maximum Size
		6.	System Event Log: Restrict Guest Access

Security Settings
	Anonymous Account Restrictions			Section Score: 0.00 of 0.83
		1.	Network Access: Allow Anonymous SID/Name Translation
		2.	Network Access: Do not allow Anonymous Enumeration of SAM Accounts
		3.	Network Access: Do not allow Anonymous Enumeration of SAM Accounts and Shares

	Security Options			Section Score: 0.00 of 0.83
		1.	Accounts: Guest Account Status
		2.	Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only
		3.	Accounts: Rename administrator account
		4.	Accounts: Rename guest account
		5.	Devices: Allowed to format and eject removable media
		6.	Devices: Unsigned Driver Installation Behavior
		7.	Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)
		8.	Domain Member: Digitally Encrypt Secure Channel Data (When Possible)
		9.	Domain Member: Digitally Sign Secure Channel Data (When Possible)
		10.	Domain Member: Disable Machine Account Password Changes
		11.	Domain Member: Maximum Machine Account Password Age
		12.	Interactive Logon: Do Not Display Last User Name
		13.	Interactive Logon: Do Not Require CTRL+ALT+DEL
		14.	Interactive Logon: Message Text for Users Attempting to Log On
		15.	Interactive Logon: Message Title for Users Attempting to Log On
		16.	Interactive Logon: Number of Previous Logons to Cache
		17.	Interactive Logon: Prompt User to Change Password Before Expiration
		18.	Interactive Logon: Smart Card Removal Behavior
		19.	Microsoft Network Client: Digitally Sign Communication (if server agrees)
		20.	Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server
		21.	Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session
		22.	Microsoft Network Server: Digitally Sign Communication (if client agrees)
		23.	Microsoft Network Server: Disconnect Clients When Logon Hours Expire
		24.	Network Access: Let Everyone Permissions Apply to Anonymous Users
		25.	Network Access: Shares that can be accessed anonymously
		26.	Network Access: Sharing and Security Model for Local Accounts
		27.	Network Security: LAN Manager Authentication Level
		28.	Network Security: LDAP Client Signing Requirements
		29.	Recovery Console: Allow Automatic Administrative Log On
		30.	Shutdown: Allow System to be Shut Down Without Having to Log On
		31.	Shutdown: Clear Virtual Memory Pagefile
		32.	System Objects: Default Owner for Objects Created by Members of the Administrators Group

	Additional Security Settings			Section Score: 0.00 of 0.83
		1.	Suppress Dr. Watson Crash Dumps
		2.	Disable Automatic Execution of the System Debugger
		3.	Disable Autoplay from any Disk Type, Regardless of Application
		4.	Disable Autoplay from the Default Profile
		5.	Disable Automatic Logon
		6.	Disable Automatic Reboots After a Blue Screen of Death
		7.	Disable CD Autorun
		8.	Protect Against Computer Browser Spoofing Attacks
		9.	Protect Against Source-routing Spoofing
		10.	Protect the Default Gateway Network Setting
		11.	Ensure ICMP Routing via Shortest Path First
		12.	Help Protect Against Packet Fragmentation
		13.	Manage Keep-alive Times
		14.	Protect Against Malicious Name-release Attacks
		15.	Ensure Router Discovery is Disabled
		16.	Protect Against SYN Flood Attacks
		17.	SYN Attack Protection - Manage TCP Maximum Half-open Sockets
		18.	SYN Attack Protection - Manage TCP Maximum Half-open Retired Sockets
		19.	Enable IPSec to Protect Kerberos RSVP Traffic
		20.	Hide Workstation from Network Browser Listing
		21.	Enable Safe DLL Search Mode

Available Services and Other Requirements
	Available Services			Section Score: 0.00 of 0.63
		1.	Alerter Service Permissions
		2.	Clipbook Service Permissions
		3.	FTP Publishing Service Permissions
		4.	IIS Admin Service Permissions
		5.	Messenger Service Permissions
		6.	NetMeeting Remote Desktop Sharing Service Permissions
		7.	Remote Desktop Help Session Manager Permissions
		8.	Routing and Remote Access Service Permissions
		9.	SMTP Service Permissions
		10.	SNMP Service Permissions
		11.	SNMP Trap Permissions
		12.	Telnet Service Permissions
		13.	World Wide Web Publishing Services Permissions

	User Rights			Section Score: 0.00 of 0.63
		1.	Access this Computer from the Network
		2.	Act as Part of the Operating System
		3.	Allow Logon through Terminal Services
		4.	Back up Files and Directories
		5.	Bypass Traverse Checking
		6.	Change the System Time
		7.	Create a Pagefile
		8.	Create a Token Object
		9.	Create Permanent Shared Objects
		10.	Debug Programs
		11.	Deny Access to this Computer from the Network
		12.	Force Shutdown from a Remote System
		13.	Generate Security Audits
		14.	Increase Scheduling Priority
		15.	Load and Unload Device Drivers
		16.	Lock Pages in Memory
		17.	Log on Locally
		18.	Manage Auditing and Security Log
		19.	Modify Firmware Environment Values
		20.	Perform Volume Maintenance Tasks
		21.	Profile Single Process
		22.	Profile System Performance
		23.	Remove Computer from Docking Station
		24.	Replace a Process Level Token
		25.	Restore Files and Directories
		26.	Shut Down the System
		27.	Take Ownership of File or Other Objects

	Other System Requirements			Section Score: 0.63 of 0.63
		1.	All Local Volumes NTFS
		2.	Restricted Group: Remote Desktop Users

	File and Registry Permissions			Section Score: 0.00 of 0.63
		1.	Permissions for HKLM\software\microsoft\windows\currentversion\installer
		2.	Permissions for HKLM\software\microsoft\windows\currentversion\policies
		3.	Permissions for HKLM\system\currentcontrolset\enum
		4.	Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
		5.	Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
		6.	Permissions for USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
		7.	Permissions for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
		8.	Permissions for %SystemRoot%\system32\tlntsvr.exe
		9.	Permissions for %SystemRoot%\system32\tftp.exe
		10.	Permissions for %SystemRoot%\system32\telnet.exe
		11.	Permissions for %SystemRoot%\system32\subst.exe
		12.	Permissions for %SystemRoot%\system32\sc.exe
		13.	Permissions for %SystemRoot%\system32\runas.exe
		14.	Permissions for %SystemRoot%\system32\rsh.exe
		15.	Permissions for %SystemRoot%\system32\rexec.exe
		16.	Permissions for %SystemRoot%\system32\regsvr32.exe
		17.	Permissions for %SystemRoot%\system32\regedt32.exe
		18.	Permissions for %SystemRoot%\regedit.exe
		19.	Permissions for %SystemRoot%\system32\reg.exe
		20.	Permissions for %SystemRoot%\system32\rcp.exe
		21.	Permissions for %SystemRoot%\system32\netsh.exe
		22.	Permissions for %SystemRoot%\system32\net1.exe
		23.	Permissions for %SystemRoot%\system32\net.exe
		24.	Permissions for %SystemRoot%\system32\ftp.exe
		25.	Permissions for %SystemRoot%\system32\eventtriggers.exe
		26.	Permissions for %SystemRoot%\system32\eventcreate.exe
		27.	Permissions for %SystemRoot%\system32\edlin.exe
		28.	Permissions for %SystemRoot%\system32\drwtsn32.exe
		29.	Permissions for %SystemRoot%\system32\drwatson.exe
		30.	Permissions for %SystemRoot%\system32\debug.exe
		31.	Permissions for %SystemRoot%\system32\cacls.exe
		32.	Permissions for %SystemRoot%\system32\attrib.exe
		33.	Permissions for %SystemRoot%\system32\at.exe

Why are benchmarks important for IT security? Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats (IA Newsletters "Security Benchmarks: A Gold Standard." Click here to request a copy.) For our white paper, "Security Within", click here to request a copy.

What is the Center for Internet Security (CIS)? The CIS is an open association consisting of industry, government and academic members. Its mission is to help IT organizations more effectively manage their risks related to information security. Click here for details.

What are the CIS Benchmarks? The Benchmarks are developed by CIS members and staff and are consensus based, best-practice security configurations for computers connected to the Internet. Click here for details.

What is the CIS Benchmark Score? The Belarc Advisor has performed a security audit of your system using the CIS Level-I benchmark appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system.

How can you reduce your security vulnerability? The CIS configurations are available as Microsoft security template files from the CIS. Warning: Applying these security templates may cause some applications to stop working correctly. Back up your system prior to applying these security templates or apply the templates on a test system first.
Click here to download the templates from the CIS (requires registration and acceptance of the CIS license agreement).