Belarc Advisor

  The license associated with the Belarc Advisor product allows for free personal use only.  Use on multiple computers in a corporate, educational, military or government installation is prohibited.  See the license agreement for details.  The information on this page was created locally on your computer by the Belarc Advisor.  Your computer profile was not sent to a web server.


About Belarc

System Management Products


Back to Profile Summary

 
CIS Benchmark Score Details
Computer Name:  Oooo (in MYWORKGROUP)
Profile Date:  Wednesday, October 24, 2007 4:45:14 PM
Advisor Version:   7.2a
Windows Logon: Jooo
 
Click here for Belarc's security products, for large and small companies.
 
Advisor Security Definitions Are Out Of Date.
Click here for the latest definitions.
 
Score: 3.13 of 10    (scoring rules...)  = Pass
 = Fail
Benchmark: CIS WinXP Legacy, Version 1.3
             
Service Packs and Hotfixes
Current Service Pack Section Score: 1.25 of 1.25 
1. Latest Service Pack
 
Critical and Security Hotfixes Section Score: 1.25 of 1.25 
1. Latest Critical and Security Hotfixes
 
Account and Audit Policies
Password Policies Section Score: 0.00 of 0.83 
1. Current Password Ages
2. Minimum Password Length
 
Audit and Account Policies Section Score: 0.00 of 0.83 
1. Audit Account Logon Events
2. Audit Account Management
3. Audit Logon Events
4. Audit Object Access
5. Audit Policy Change
6. Audit Privilege Use
7. Audit System Events
8. Minimum Password Age
9. Maximum Password Age
10. Password Complexity
11. Store Passwords using Reversible Encryption
12. Password History Size
13. Account Lockout Duration
14. Account Lockout Threshold
15. Reset Account Lockout Count Time
 
Event Log Policies Section Score: 0.00 of 0.83 
1. Application Event Log: Maximum Size
2. Application Event Log: Restrict Guest Access
3. Security Event Log: Maximum Size
4. Security Event Log: Restrict Guest Access
5. System Event Log: Maximum Size
6. System Event Log: Restrict Guest Access
 
Security Settings
Anonymous Account Restrictions Section Score: 0.00 of 0.83 
1. Network Access: Allow Anonymous SID/Name Translation
2. Network Access: Do not allow Anonymous Enumeration of SAM Accounts
3. Network Access: Do not allow Anonymous Enumeration of SAM Accounts and Shares
 
Security Options Section Score: 0.00 of 0.83 
1. Accounts: Guest Account Status
2. Accounts: Limit Local Account Use of Blank Passwords to Console Logon Only
3. Accounts: Rename administrator account
4. Accounts: Rename guest account
5. Devices: Allowed to format and eject removable media
6. Devices: Unsigned Driver Installation Behavior
7. Domain Member: Digitally Encrypt or Sign Secure Channel Data (Always)
8. Domain Member: Digitally Encrypt Secure Channel Data (When Possible)
9. Domain Member: Digitally Sign Secure Channel Data (When Possible)
10. Domain Member: Disable Machine Account Password Changes
11. Domain Member: Maximum Machine Account Password Age
12. Interactive Logon: Do Not Display Last User Name
13. Interactive Logon: Do Not Require CTRL+ALT+DEL
14. Interactive Logon: Message Text for Users Attempting to Log On
15. Interactive Logon: Message Title for Users Attempting to Log On
16. Interactive Logon: Number of Previous Logons to Cache
17. Interactive Logon: Prompt User to Change Password Before Expiration
18. Interactive Logon: Smart Card Removal Behavior
19. Microsoft Network Client: Digitally Sign Communication (if server agrees)
20. Microsoft Network Client: Send Unencrypted Password to Connect to Third-Party SMB Server
21. Microsoft Network Server: Amount of Idle Time Required Before Disconnecting Session
22. Microsoft Network Server: Digitally Sign Communication (if client agrees)
23. Microsoft Network Server: Disconnect Clients When Logon Hours Expire
24. Network Access: Let Everyone Permissions Apply to Anonymous Users
25. Network Access: Shares that can be accessed anonymously
26. Network Access: Sharing and Security Model for Local Accounts
27. Network Security: LAN Manager Authentication Level
28. Network Security: LDAP Client Signing Requirements
29. Recovery Console: Allow Automatic Administrative Log On
30. Shutdown: Allow System to be Shut Down Without Having to Log On
31. Shutdown: Clear Virtual Memory Pagefile
32. System Objects: Default Owner for Objects Created by Members of the Administrators Group
 
Additional Security Settings Section Score: 0.00 of 0.83 
1. Suppress Dr. Watson Crash Dumps
2. Disable Automatic Execution of the System Debugger
3. Disable Autoplay from any Disk Type, Regardless of Application
4. Disable Autoplay from the Default Profile
5. Disable Automatic Logon
6. Disable Automatic Reboots After a Blue Screen of Death
7. Disable CD Autorun
8. Protect Against Computer Browser Spoofing Attacks
9. Protect Against Source-routing Spoofing
10. Protect the Default Gateway Network Setting
11. Ensure ICMP Routing via Shortest Path First
12. Help Protect Against Packet Fragmentation
13. Manage Keep-alive Times
14. Protect Against Malicious Name-release Attacks
15. Ensure Router Discovery is Disabled
16. Protect Against SYN Flood Attacks
17. SYN Attack Protection - Manage TCP Maximum Half-open Sockets
18. SYN Attack Protection - Manage TCP Maximum Half-open Retired Sockets
19. Enable IPSec to Protect Kerberos RSVP Traffic
20. Hide Workstation from Network Browser Listing
21. Enable Safe DLL Search Mode
 
Available Services and Other Requirements
Available Services Section Score: 0.00 of 0.63 
1. Alerter Service Permissions
2. Clipbook Service Permissions
3. FTP Publishing Service Permissions
4. IIS Admin Service Permissions
5. Messenger Service Permissions
6. NetMeeting Remote Desktop Sharing Service Permissions
7. Remote Desktop Help Session Manager Permissions
8. Routing and Remote Access Service Permissions
9. SMTP Service Permissions
10. SNMP Service Permissions
11. SNMP Trap Permissions
12. Telnet Service Permissions
13. World Wide Web Publishing Services Permissions
 
User Rights Section Score: 0.00 of 0.63 
1. Access this Computer from the Network
2. Act as Part of the Operating System
3. Allow Logon through Terminal Services
4. Back up Files and Directories
5. Bypass Traverse Checking
6. Change the System Time
7. Create a Pagefile
8. Create a Token Object
9. Create Permanent Shared Objects
10. Debug Programs
11. Deny Access to this Computer from the Network
12. Force Shutdown from a Remote System
13. Generate Security Audits
14. Increase Scheduling Priority
15. Load and Unload Device Drivers
16. Lock Pages in Memory
17. Log on Locally
18. Manage Auditing and Security Log
19. Modify Firmware Environment Values
20. Perform Volume Maintenance Tasks
21. Profile Single Process
22. Profile System Performance
23. Remove Computer from Docking Station
24. Replace a Process Level Token
25. Restore Files and Directories
26. Shut Down the System
27. Take Ownership of File or Other Objects
 
Other System Requirements Section Score: 0.63 of 0.63 
1. All Local Volumes NTFS
2. Restricted Group: Remote Desktop Users
 
File and Registry Permissions Section Score: 0.00 of 0.63 
1. Permissions for HKLM\software\microsoft\windows\currentversion\installer
2. Permissions for HKLM\software\microsoft\windows\currentversion\policies
3. Permissions for HKLM\system\currentcontrolset\enum
4. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
5. Permissions for HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
6. Permissions for USERS\.DEFAULT\Software\Microsoft\SystemCertificates\Root\ProtectedRoots
7. Permissions for HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit
8. Permissions for %SystemRoot%\system32\tlntsvr.exe
9. Permissions for %SystemRoot%\system32\tftp.exe
10. Permissions for %SystemRoot%\system32\telnet.exe
11. Permissions for %SystemRoot%\system32\subst.exe
12. Permissions for %SystemRoot%\system32\sc.exe
13. Permissions for %SystemRoot%\system32\runas.exe
14. Permissions for %SystemRoot%\system32\rsh.exe
15. Permissions for %SystemRoot%\system32\rexec.exe
16. Permissions for %SystemRoot%\system32\regsvr32.exe
17. Permissions for %SystemRoot%\system32\regedt32.exe
18. Permissions for %SystemRoot%\regedit.exe
19. Permissions for %SystemRoot%\system32\reg.exe
20. Permissions for %SystemRoot%\system32\rcp.exe
21. Permissions for %SystemRoot%\system32\netsh.exe
22. Permissions for %SystemRoot%\system32\net1.exe
23. Permissions for %SystemRoot%\system32\net.exe
24. Permissions for %SystemRoot%\system32\ftp.exe
25. Permissions for %SystemRoot%\system32\eventtriggers.exe
26. Permissions for %SystemRoot%\system32\eventcreate.exe
27. Permissions for %SystemRoot%\system32\edlin.exe
28. Permissions for %SystemRoot%\system32\drwtsn32.exe
29. Permissions for %SystemRoot%\system32\drwatson.exe
30. Permissions for %SystemRoot%\system32\debug.exe
31. Permissions for %SystemRoot%\system32\cacls.exe
32. Permissions for %SystemRoot%\system32\attrib.exe
33. Permissions for %SystemRoot%\system32\at.exe
 
   

Why are benchmarks important for IT security?  Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems.  Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks.  The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats (IA Newsletters "Security Benchmarks: A Gold Standard." Click here to request a copy.) For our white paper, "Security Within", click here to request a copy.

What is the Center for Internet Security (CIS)?  The CIS is an open association consisting of industry, government and academic members.  Its mission is to help IT organizations more effectively manage their risks related to information security.  Click here for details.

What are the CIS Benchmarks?  The Benchmarks are developed by CIS members and staff and are consensus based, best-practice security configurations for computers connected to the Internet.  Click here for details.

What is the CIS Benchmark Score?  The Belarc Advisor has performed a security audit of your system using the CIS Level-I benchmark appropriate to your operating system.  The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats.  The higher the number the less vulnerable your system.

How can you reduce your security vulnerability?  The CIS configurations are available as Microsoft security template files from the CIS.  Warning: Applying these security templates may cause some applications to stop working correctly.  Back up your system prior to applying these security templates or apply the templates on a test system first.
Click here to download the templates from the CIS (requires registration and acceptance of the CIS license agreement).


Copyright 2000-6, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 6085229, 5665951 and Patents pending.