MEDS – Sample Report - MIEL e
Transcription
MEDS – Sample Report - MIEL e
CONFIDENTIAL MIEL’S ENDPOINT DIAGNOSTIC REPORT PREPARED BY MIEL e-Security Pvt. Ltd. AML Centre 1, 4th Floor, 8 Mahal Industrial Estates, Off Mahakali Caves Road, Andheri (East), Mumbai - 400 093, India Tel No: + 91 (22) 3009 6969 Fax No: + 91 (22) 2687 8062 Email: feelsecure@mielesecurity.com URL: www.mielesecurity.com ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 2 Document: Endpoint Diagnostic Report For: ABC Limited Prepared By: MIEL e-Security Pvt. Ltd. Classification: Confidential Status: Final Report Version: 1.0 Date: MMMM DD, YYYY Consultant Name1 Technical Consultant – Information Security Approver’s Name Approved By: Designation Prepared By: DISCLAIMER This report is being supplied by us on the basis that it is for your benefit and information only and that, save as may be required by law or by a competent regulatory authority (in which case you shall inform us in advance), it shall not be copied, referred to or disclosed, in whole (save for your own internal purpose) or in part, without our prior written consent. The report is submitted on the basis that you shall not quote our name or reproduce our logo in any form or medium without prior written consent. You may disclose in whole this report to your legal and other professional advisers for the purpose of your seeking advice in relation to the report, provided that when doing so you inform them that: Disclosure by them (save for their own internal purposes) is not permitted without our prior written consent, and To the fullest extent permitted by law we accept no responsibility or liability to them in connection with this report. Any advice, opinion, statement of expectation, forecast or recommendation supplied or expressed by us in this report is based on the information provided to us and we believe such advice, opinion, statement of expectation, forecast or recommendation to be true. However such advice, opinion, statement of expectation, forecast or recommendation shall not amount to any form of guarantee that we have determined or predicted future events or circumstances but shall ensure accuracy, competency, correctness or completeness of the report based on the information provided to us. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 3 Table of Contents EXECUTIVE SUMMARY .................................................................................................................5 1. Scope of the Assignment .............................................................................................................................6 2. Project Team ...............................................................................................................................................6 3. Findings (Compliance)............................................................................................................................. 7-9 A. Overall. ...........................................................................................................................................7 B. Location/Department-wise ............................................................................................................8 C. Across Security Categories .............................................................................................................9 4. List of Checks ...................................................................................................................................... 10-11 5. Feedback ............................................................................................................................................. 12-13 A. Analysis . ..................................................................................................................................... 12 B. Recommendations . .................................................................................................................... 12 C. Best Practices ............................................................................................................................. 13 ANNEXURES ............................................................................................................................... 14 ANNEXURE A: List of Endpoints Scanned ....................................................................................................... 15 ANNEXURE B: IP-wise Security Checks Performed ........................................................................................ 17 ANNEXURE C: IP-wise Compliance & Actionable Report ............................................................................. 23 ANNEXURE D: Software Statistics: Undesired Software List ......................................................................... 36 FREQUENTLY ASKED QUESTIONS (FAQs) ..................................................................................... 31 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 4 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 5 Executive Summary MIEL e-Security Pvt. Ltd. was commissioned by ABC Ltd. to perform a security compliance audit of their endpoints (which included desktops, laptops and servers). MIEL carried out this audit using its proprietary technology - MEDS (MIEL Endpoint Diagnostic Service). The purpose of the audit was to determine the compliance level of ABC Ltd. against their defined Compliance Policy. 1. Scope of the Assignment The scope of the audit was limited to test the effectiveness of the identified internal controls against the Organization’s Customized Compliance Policy over the range of network comprising of desktops and laptops. The MEDS Audit covered 1,522 endpoints across four Locations/Departments. Audit Location/Department Location/Dept. 1 800 Location/Dept. 2 157 Location/Dept. 3 85 Location/Dept. 4 480 Total Endpoints : 2. No. of Endpoints 1522 Project Team Project team consisted of: MIEL e-Security Team Contact Information Project Lead Engineer xyz@mielesecurity.com Activity Engineer abc@mielesecurity.com ABC Team Contact Information Customer Name – SPOC email@customer.com ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 6 3. A. Findings Findings: Overall Compliance The overall compliance level for this audit is MEDIUM. Legend: Level Range (%) Description 81% - 100% The endpoints compliance exceeds the industry standard compliance level. MEDIUM 61% - 80% The endpoints compliance is around the industry standard compliance levels. However, there is room for improvement. LOW 0% - 60% The endpoints compliance is below the industry standard compliance levels and action must be taken to increase the compliance level. HIGH ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 7 B. Findings: Across Location / Department-wise The overall compliance level by Location/Dept. is provided below: Compliance Across Location/Dept. 90 78% 77% 78% 81% 80 Average Compliance (%) 70 60 50 40 30 20 10 Locations Location/Dept. 1 Location/Dept. 2 Location/Dept. 3 Location/Dept. 4 Location Average Compliance (%) Minimum Compliance (%) Maximum Compliance (%) Location/Dept. 1 77% 38% 100% Location/Dept. 2 78% 17% 100% Location/Dept. 3 78% 55% 93% Location/Dept. 4 81% 17% 100% ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 8 C. Findings: Across Security Categories The audit was performed across a set of 10 Security Categories. The following are the compliance levels in each category: Compliance Across Security Categories 100 97% 100% 96% 91% 90 83% 75% Average Compliance (%) 80 68% 67% 70 60 50 40 29% 30 20 15% 10 0 Type of Security Categories ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 9 4. List of Checks Complete list of checks as per the Organization’s Customized Compliance policy: ANTIVIRUS Sr. No. Check Name Expected Value Compare Logic 1 Is Antivirus Auto-Protect Enabled Enabled = ISO 27001 Control A.10.4.1 2 Is Antivirus Present Enabled = A.10.4.1 3 Is Antivirus Updated Enabled = A.10.4.1 4 Symantec MR Version Should Contain 5 Symantec Virus Definitions Should Contain AUTO UPDATE Sr. No. 1 Check Name Expected Value Compare Logic ISO 27001 Control Automatic Update Status Download updates for me, but let me choose when to install them = A.10.1.2 Expected Value Compare Logic ISO 27001 Control CUSTOM REGISTRY Sr. No. 1 2 Check Name Symantec Managed Clients Group Name Symantec Policy Serial Number Should Contain Should Contain INFORMATIONAL CHECKS Sr. No. Check Name Expected Value Compare Logic 1 Installed Hotfixes Should Contain 2 Network File Shares Should Contain 3 Non-NTFS Partitions Should Contain 4 Softwares Installed Should Contain 5 Softwares Installed - Full Details Should Contain ISO 27001 Control PASSWORD POLICY Sr. No. Check Name Expected Value Compare Logic 1 Account Lockout Threshold 5 >= ISO 27001 Control A.11.5.1 2 Enforce Password History Maximum Password Age [in number of days] Minimum Password Age [in number of days] Minimum Password Length 3 >= A.11.5.1 30 >= A.11.3.1 1 >= A.11.3.1 8 >= A.11.3.1 3 4 5 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 10 SCREENSAVER Sr. No. Check Name Expected Value Compare Logic 1 Is Screen Saver Activated Screen Saver Timeout Duration [in number of seconds] Enabled = ISO 27001 Control A.11.3.3 900 >= A.11.3.3 2 SECURITY OPTIONS Sr. No. Check Name Expected Value Compare Logic ISO 27001 Control 1 Interactive logon: Message text for users attempting to log on THIS IS A PRIVATE COMPUTER SYSTEM, Should Contain A.11.5.1 2 Interactive logon: Message title for users attempting to log on !!! Attention!!! = A.11.5.1 Sr. No. Check Name Expected Value Compare Logic ISO 27001 Control 1 Bluetooth file transfer disabled Disable auto run on all external storage devices Read only access to CD ROM drives USB mass storage device disabled Enabled = Enabled = Enabled = Enabled = SEP 2 3 4 USER ACCOUNTS Sr. No. Check Name Expected Value Compare Logic 1 Is Guest Account Active Disabled = ISO 27001 Control A.11.2.2 2 Is User an Administrator Disabled = A.11.2.2 ISO 27001 Control USER RIGHTS ASSIGNMENT Sr. No. Check Name Expected Value Compare Logic 1 Log on locally 'Administrators' 'Domain Users' Should Contain ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 11 5. Feedback A. Analysis The overall compliance appears to be at the higher end of the industry standards for the XYZ vertical. Findings that need immediate action: i. The SEP checks to disallow USB flash drives are only implemented on portable systems and not desktops. This may allow desktop users to copy unauthorized content onto flash drives. ii. The automatic updates have not been configured as per the industry standard requirements. B. Recommendations Automatic Updates need to be configured to download and install patches automatically. The Symantec SEP policies need to be implemented on both portable and desktop systems. Screensaver policies should be configured to lock the system after 15 minutes. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 12 C. Best Practices MIEL recommends the following best practices at all locations: Access to data on the USB thumb drive should be protected by password and/or encryption. Audit and user policies should be implemented as per the best practices provided by MIEL. Screen saver should be enabled and it should be secured. Screen saver time-out duration should be set as per the best practices provided. Set automatic update to automatically download recommended updates for the systems and install them. A third-party security tool should be in place to log all files copied to an authorized USB drive. Controls should be in place to prevent an unauthorized USB drive from being accessible to a workstation. Antivirus software should be installed and scheduled to run at regular intervals. In addition, the anti-virus software and the virus pattern files must be kept up-to-date. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 13 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 14 ANNEXURES ANNEXURE A: List of Endpoints Scanned MEDS - Detailed Compliance Report MMMM DD, YYYY 00:00 AM/PM Task Details Tas k N ame : ABC_Location 3_Scan Tas k Status : Finished Tas k Type : Order Template N ame : Customized Policy Template D es c ription : This is a health-check that audits the endpoints as per the organizations policy (ABC Limited) Create Time : MMMM DD, YYYY 00:00 AM/PM Start Time : MMMM DD, YYYY 00:00 AM/PM End Time : MMMM DD, YYYY 00:00 AM/PM List Of Endpoints Scanned Sr. No. Host Name IP Compliance 1 ABC_D_001 10.10.12.4 55.17% 2 ABC_D_002 10.10.12.5 62.07% 3 ABC_D_003 10.10.12.6 57.69% 4 ABC_D_004 10.10.12.7 68.97% 5 ABC_D_005 10.10.12.8 69.23% 6 ABC_D_006 10.10.12.9 89.66% 7 ABC_D_007 10.10.12.10 68.97% 8 ABC_D_008 10.10.12.11 93.10% 9 ABC_D_009 10.10.12.12 89.66% 10 ABC_D_010 10.10.12.13 79.31% 11 ABC_D_011 10.10.12.14 82.76% 12 ABC_D_012 10.10.12.15 82.76% 13 ABC_D_013 10.10.12.16 86.21% 14 ABC_D_014 10.10.12.17 65.52% 15 ABC_D_015 10.10.12.18 82.76% 16 ABC_D_016 10.10.12.19 89.66% 17 ABC_D_017 10.10.12.20 89.66% 18 ABC_D_018 10.10.12.21 89.66% 19 ABC_D_019 10.10.12.22 93.10% 20 ABC_D_020 10.10.13.54 68.97% 21 ABC_D_021 10.10.13.55 68.97% 22 ABC_D_022 10.10.13.56 72.41% 23 ABC_D_023 10.10.13.57 72.41% ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 15 List Of Endpoints Scanned Sr. No. Host Name IP Compliance 24 ABC_D_024 10.10.13.58 93.10% 25 ABC_D_025 10.10.13.59 65.52% 26 ABC_L_001 10.10.13.60 89.66% 27 ABC_L_002 10.10.13.61 93.10% 28 ABC_L_003 10.10.13.62 89.66% 29 ABC_L_004 10.10.13.63 62.07% 30 ABC_L_005 10.10.13.64 65.52% 31 ABC_L_006 10.10.13.65 65.52% 32 ABC_L_007 10.10.13.66 68.97% 33 ABC_L_008 10.10.13.67 75.86% 34 ABC_L_009 10.10.13.68 93.10% 35 ABC_L_010 10.10.13.69 72.41% 36 ABC_L_011 10.10.14.72 65.52% 37 ABC_L_012 10.10.14.73 86.21% 38 ABC_L_013 10.10.14.74 93.10% 39 ABC_L_014 10.10.14.75 82.76% 40 ABC_L_015 10.10.14.76 55.17% 41 ABC_L_016 10.10.14.77 68.97% 42 ABC_L_017 10.10.14.78 55.17% 43 ABC_L_018 10.10.14.79 89.66% 44 ABC_L_019 10.10.14.80 89.66% 45 ABC_L_020 10.10.14.81 68.97% 46 ABC_L_021 10.10.14.82 62.07% 47 ABC_L_022 10.10.14.83 93.10% 48 ABC_L_023 10.10.14.84 79.31% 49 ABC_L_024 10.10.14.85 89.66% 50 ABC_L_025 10.10.14.86 75.86% 51 ABC_L_026 10.10.14.87 93.10% 52 ABC_L_027 10.10.14.88 86.21% 53 ABC_L_028 10.10.14.89 86.21% 54 ABC_L_029 10.10.14.90 93.10% 55 ABC_L_030 10.10.14.91 79.31% 56 ABC_L_031 10.10.14.92 75.86% 57 ABC_L_032 10.10.14.93 89.66% 58 ABC_L_033 10.10.14.94 68.97% 59 ABC_L_034 10.10.14.95 89.66% 60 ABC_L_035 10.10.14.96 62.07% 61 ABC_L_036 10.10.14.97 89.66% 62 ABC_L_037 10.10.14.98 65.52% 63 ABC_L_038 10.10.14.99 68.97% ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 16 ANNEXURE B: IP-wise Security Checks Performed Security Check Expected Value Security Compliance Test_D_03 10.1.2.9 ANTIVIRUS Is Antivirus Auto-Protect Enabled ? Is Antivirus Present ? Is Antivirus Updated ? Which Mcafee Agent GUID is present ? Which Mcafee Virus Definitions Version is present ? Which Mcafee Virus Engine Version is present ? Which Symantec MR Version is present ? Which Symantec Virus Definitions is present ? Are you auditing account logon events for failure or success ? Are you auditing account management for failure or success ? Are you auditing directory service access for failure or success? Are you auditing logon events for failure or success? AUDIT POLICY Are you auditing object access for failure or success ? Are you auditing policy change for failure or success ? Are you auditing privilege use for failure or success ? Are you auditing process tracking for failure or success ? Are you auditing system events for failure or success ? AUTO UPDATE CUSTOM CHECKS EVENTLOG SCAN FIREWALL POLICIES PASSWORD POLICY PATCH LEVEL Test_D_02 10.1.2.2 Test_L_01 10.1.1.11 Enabled Enabled Enabled Test Installed Version : 4.0, Latest Available Version : 4.1 Installed Version : 3.0, Latest Available Version :3.10 ABC Installed Version : 01/01/0001 r0, Latest Available Version : 01/01/0001 r0 Failure Success Failure Success Failure Success Failure Success Failure Success Failure Success Failure Success Failure Success Failure Success What is the automatic Update status of windows ? Automatically download recommended updates for my computer and install them Which Symantec Policy Serial Number is present ? 544B-01/25/2011 16:31:13 226 Which Symantec Managed Clients Group Name is present ? My Company\Desktop\Desktop 32 BIT Which Trend Micro Build Number is present ? What is date of Trend Micro Pattern ? Which Trend Micro Program Version is present ? What is the Desktop path ? What is the last successful windows update date ? What is Documents folder path ? 1083 20110818 10.8 D:\All_Desktop\test\Desktop 25-08-11 7:31 D:\ALL_My Documents\test\My Documents Which Windows version is present ? 6 What is Maximum Application Log Size [in KiloBytes] ? 2048 What is Maximum Security Log Size [in KiloBytes] ? What is Maximum System Log Size [in KiloBytes] ? 2048 2048 Which are the Exceptions for Authorized Applications if any ? Is Firewall Enabled ? D:\Tally9\tally9.exe C:\Program Files\ORL\VNC\WinVNC.exe 139:TCP 445:TCP 137:UDP Enabled What is Account Lockout Duration [in number of minutes] ? 20 What is the value for Account Lockout Threshold ? 3 What is the count for Enforce Password History ? 2 What is Maximum Password Age [in number of days] ? 30 What is Minimum Password Age [in number of days] ? 1 What is Minimum Password Length [in number of characters] ? 8 What is the duration for Reset Account Lockout Counter After [in number of minutes] ? 10 What is the level of Windows Patch ? System is Fully Updated Which are the Exceptions for Open Ports if any ? Test_L_09 10.1.2.7 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 17 Security Check Expected Value Does the user have access to CD-ROM Drives ? Does the user have access to Floppy Drives ? Does the user have access to Internet Explorer Security Page ? Enabled Enabled Enabled Does the user have access to Registry Editing Tools ? Is user allow the Saving of Passwords for Forms ? Is automatic Logon of Users of Workstation Enabled ? Is Autorun Status Enabled ? Is Changing of Internet Explorer Advanced Page Settings Enabled ? Enabled Enabled Enabled Enabled Enabled Is Simple TCP/IP Services ? Is SNMP Enabled ? Disabled Enabled SCREENSAVER Is Screen Saver Activated Is Screen Saver Secured What is Screen Saver Timeout Duration [in number of seconds] Enabled Enabled 600 USB DEVICES Which are the Connected Usb Devices? Is USB Driver Status Enabled ? Is USB Port Status Enabled ? No Devices Enabled Disabled Is Guest Account Active ? Is User an Administrator ? Which Local Administrators are present in the system ? Disabled Enabled WIN-VUMGXRU5CVF\Administrator WIN-VUMGXRU5CVF\socuser Administrator Guest socuser MISCELLANEOUS HARDENING USER ACCOUNTS Which Local Users are present in the system ? Which Hotfixes are Installed ? KB2079403 KB2124261 KB2141007 KB2207566 Who is the Last Logged In User ? What is Last System Boot Up Time ? What is the Name of Computer ? What is Manufacturer name ? What is the Model Name ? Which Processor does the system have ? What is the RAM size ? What is the Disk size ? Which Network Files are Shared ? \Localuser 02-09-11 8:40 TEST_D_056 HP AWRDACPI Intel(R) Pentium(R) 4 CPU 2.66GHz 2 GB 40 GB ADMIN$ C$ IPC$ A: D: c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe Application Experience Application Host Helper Service Application Information Base Filtering Engine Background Intelligent Transfer Service Certificate Propagation COM+ System Application Cryptographic Services DCOM Server Process Launcher DHCP Client DNS Client Which Non-NTFS Partitions the system have ? INFORMATIONAL CHECKS Which Processes are running while Scanning ? Which Services are Installed ? Security Compliance ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 18 Security Check INFORMATIONAL CHECKS SECURITY OPTIONS Expected Value Which Softwares are Installed ? Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Report Viewer Redistributable 2008 (KB952241) Microsoft SQL Server 2005 Nmap 5.51 TeamViewer 6 WinPcap 4.1.2 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.4148 Which Softwares are Installed - Full Details Microsoft SQL Server 2005 Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Microsoft SQL Server Setup Support Files (English) Accounts: Is Limit local account use of blank passwords to console logon only Enabled ? Audit: Is Audit the access of global system objects Enabled ? Audit: Is Audit the use of Backup and Restore privilege Enabled ? Audit: Is Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings Enabled ? Enabled Audit: Is Shut down system immediately if unable to log security audits Enabled ? DCOM: Is Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax Enabled ? DCOM: Is Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax ? Devices: Is Allow undock without having to log on Enabled ? Disabled Devices: Is Allowed to format and eject removable media Enabled ? Devices: Is Prevent users from installing printer drivers Enabled ? Devices: Is Restrict CD-ROM access to locally logged-on user only Enabled ? Devices: Is Restrict floppy access to locally logged-on user only Enabled ? Domain controller: Is Allow server operators to schedule tasks Enabled ? Domain controller: Is LDAP server signing requirements Enabled ? Domain controller: Is Refuse machine account password changes Enabled ? Domain member: Is Digitally encrypt or sign secure channel data (always) Enabled ? Domain member: Is Digitally encrypt secure channel data (when possible) Enabled ? Domain member: Is Digitally sign secure channel data (when possible) Enabled ? Domain member: Is Disable machine account password changes Enabled ? Domain member: What is Maximum machine account password age [in number of days] ? Domain member: Is Require strong (Windows 2000 or later) session key Enabled ? Interactive logon: Is Do not display last user name Enabled ? Interactive logon: Is Do not require CTRL+ALT+DEL Enabled ? Interactive logon: Message text for users attempting to log on Interactive logon: Message title for users attempting to log on Enabled Enabled Enabled Security Compliance Disabled Disabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled 30 Disabled Disabled Disabled Welcome Attention ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 19 Security Check SECURITY OPTIONS Expected Value Interactive logon: What is the count for Number of previous logons to cache ?(in case domain controller is not available) [in number of logons] 25 Interactive logon: How far in advance user are prompt to change password before expiration [in number of days] ? Interactive logon: Is Require Domain Controller authentication to unlock workstation Enabled ? Interactive logon: Is Require smart card Enabled ? Interactive logon: What is the behavior for Smart card removal ? Microsoft network client: Is Digitally sign communications (always) Enabled ? Microsoft network client: Is Digitally sign communications (if server agrees) Enabled ? Microsoft network client: Is Send unencrypted password to third-party SMB servers Enabled ? Microsoft network server: How much the idle time required before suspending session [in number of minutes] ? 14 Microsoft network server: Is Digitally sign communications (always) Enabled ? Microsoft network server: Is Digitally sign communications (if client agrees) Enabled ? Microsoft network server: Is Disconnect clients when logon hours expire Enabled ? Network access: Is Do not allow anonymous enumeration of SAM accounts Enabled ? Network access: Is Do not allow anonymous enumeration of SAM accounts and shares Enabled ? Network access: Is Do not allow storage of credentials or .NET Passports for network authentication Enabled ? Disabled Network access: Is Let Everyone permissions apply to anonymous users enabled ? Network access: Which Named Pipes that can be accessed anonymously are present in system ? Network access: Which Remotely accessible registry paths are present ? Disabled Network access: Which Remotely accessible registry paths and subpaths are present ? System\CurrentControlSet\Control\Print\P rinters System\CurrentControlSet\Services\Eventl og Software\Microsoft\OLAP Server Software\Microsoft\Windows NT\CurrentVersion\Print Software\Microsoft\Windows System\CurrentControlSet\Control\Content Index Enabled Security Compliance Disabled Disabled No Action Disabled Enabled Disabled 15 Disabled Enabled Enabled Disabled Disabled browser System\CurrentControlSet\Control\Product Options System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion Network access: Is Restrict anonymous access to Named Pipes and Shares Enabled ? Network access: Is Shares that can be accessed anonymously Enabled ? Disabled Network access: How Sharing and security model for local accounts are authenticated ? Network security: Is Do not store LAN Manager hash value on next password change Enabled ? Network security: Which LAN Manager authentication level is present ? Classic - local users authenticate as themselves Enabled Send NTLMv2 response only Network security: Which LDAP client signing requirements is present ? Negotiate signing Network security: Which Minimum session security for NTLM SSP based (including secure RPC) clients is present ? Network security: Which Minimum session security for NTLM SSP based (including secure RPC) servers is present ? Recovery console: Is Allow automatic administrative logon Enabled ? Recovery console: Is Allow floppy copy and access to all drives and all folders Enabled ? Shutdown: Is Allow system to be shut down without having to log on Enabled ? Shutdown: Is Clear virtual memory pagefile Enabled ? Not Defined Not Defined Disabled Disabled Disabled Disabled ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 20 Security Check SECURITY OPTIONS Which users and groups are allowed to Access the Credential Manager as a trusted caller ? Administrators Which users and groups are allowed to Access this computer from the network ? Backup Operators Everyone Users Administrators Administrators Which users and groups are allowed to Act as part of the operating system ? Which users and groups are allowed to Add workstations to domain ? Which users and groups are allowed to Adjust memory quotas for a process ? Security Compliance Administrators Which users and groups are allowed to Create a pagefile ? Administrators LOCAL SERVICE NETWORK SERVICE SQLServer2005MSSQLUser$WINVUMGXRU5CVF$SQLEXPRESS Administrators Remote Desktop Users Administrators Backup Operators Administrators Backup Operators Everyone LOCAL SERVICE NETWORK SERVICE SQLServer2005MSSQLUser$WINVUMGXRU5CVF$SQLEXPRESS Users Administrators LOCAL SERVICE Administrators LOCAL SERVICE Administrators LOCAL SERVICE NETWORK SERVICE SERVICE Administrators Which users and groups are allowed to Create a token object ? Administrators Which users and groups are allowed to Create permanent shared objects ? Administrators Which users and groups are allowed to Create symbolic links ? Administrators Which users and groups are allowed to Debug programs ? Administrators Which users and groups are allowed to Allow logon through Terminal Services ? Which users and groups are allowed to Back up file and directories ? Which users and groups are allowed to Bypass traverse checking ? USER RIGHTS ASSIGNMENT Expected Value System cryptography: Which setting for Force strong key protection Not defined for user keys stored on the computer is present ? System cryptography: Is Use FIPS compliant algorithms for encryption, Disabled hashing, and signing Enabled ? System objects: Is Require case insensitivity for non-Windows Enabled subsystems Enabled ? System objects: Is Strengthen default permissions of internal system Enabled objects (e.g. Symbolic Links) Enabled ? System settings: Which subsystems are used to support your Posix applications ? System settings: Is Use Certificate Rules on Windows Executables for Disabled Software Restriction Policies Enabled ? User Account Control: Is Admin Approval Mode for the Built-in Disabled Administrator account Enabled ? User Account Control: Which setting for Behavior of the elevation Prompt for consent prompt for administrators in Admin Approval Mode is present ? User Account Control: Which setting for Behavior of the elevation Prompt for credentials prompt for standard users is present ? User Account Control: Is Detect application installations and prompt for Enabled elevation Enabled ? User Account Control: Is Only elevate executables that are signed and Disabled validated Enabled ? User Account Control: Is Only elevate UIAccess applications that are Enabled installed in secure locations Enabled ? User Account Control: Is Run all administrators in Admin Approval Enabled Mode Enabled ? User Account Control: Is Switch to the secure desktop when prompting Enabled for elevation Enabled ? User Account Control: Is Virtualize file and registry write failures to per- Enabled user locations Enabled ? Which users and groups are allowed to Change the system time ? Which users and groups are allowed to Change the time zone ? Which users and groups are allowed to Create a global objects ? Which users and groups are denied to access to this computer from the Local Users network Which users and groups are denied to logon as a batch job ? Local Users Which users and groups are denied to logon as a service ? Local Users Which users and groups are denied to logon locally ? Local Users ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 21 Security Check Expected Value Which users and groups are denied to logon through Terminal Services ? Which users and groups are allowed to Enable computer and user accounts to be trusted for delegation ? Which users and groups are allowed to Force shutdown from a remote system ? Which users and groups are allowed to Generate security audits ? Local Users Which users and groups are allowed to Increase scheduling priority ? Which users and groups are allowed to Load and unload device drivers ? Which users and groups are allowed to Lock pages in memory ? Which users and groups are allowed to Log on as a batch job ? Administrators Administrators Security Compliance Administrators Administrators LOCAL SERVICE NETWORK SERVICE Which users and groups are allowed to Impersonate a client after Administrators authentication ? IIS_IUSRS LOCAL SERVICE NETWORK SERVICE SERVICE Which users and groups are allowed to Increase a process working set ? Local Users Which users and groups are allowed to Log on as a service ? USER RIGHTS ASSIGNMENT Which users and groups are allowed to Log on locally ? Which users and groups are allowed to Manage auditing and security log ? Administrators Administrators Backup Operators IIS_IUSRS Administrators IIS_IUSRS LOCAL SERVICE Administrators Backup Operators Users Administrators Which users and groups are allowed to Modify an object label ? Administrators Which users and groups are allowed to Modify firmware environment values ? Administrators Which users and groups are allowed to Perform volume maintenance tasks Administrators Which users can use performance monitoring tools to monitor the performance of nonsystem processes ? (Profile single process) Administrators Which users can use performance monitoring tools to monitor the performance of system processes ? Administrators Which users and groups are allowed to Remove computer from docking Administrators station ? Which users and groups are allowed to Replace a process level token ? LOCAL SERVICE NETWORK SERVICE Which users and groups are allowed to Restore files and directories ? Administrators Backup Operators Which users and groups are allowed to Shut down the system ? Administrators Backup Operators Which users and groups are allowed to Synchronize directory service data ? Administrators Which users and groups are allowed to Take ownership of file or other Administrators objects ? ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 22 ANNEXURE C: IP-wise Compliance & Actionable Report Detailed Compliance Report for IP - 10.1.2.9 - WinXP ANTIVIRUS Sr. No. 1 2 3 Compliance True True True Check Name Is Antivirus Auto-Protect Enabled Is Antivirus Present Is Antivirus Updated Result Enabled Enabled Enabled Compare Logic = = = Expected Value Enabled Enabled Enabled Check Name Audit account logon events Result Failure Compare Logic && Expected Value Failure Check Name Automatic Update Status Result Compare Logic Automatically download recommended updates for = my computer and install them Expected Value Automatically download recommended updates for Check Name TM Build Number Trend Micro Pattern Date Trend Micro Program Version Result 1083 20110824 10.5 Compare Logic >= Should Contain Should Contain Expected Value 0 Compare Logic >= Expected Value 1024 AUDIT POLICY Sr. No. 1 Compliance True AUTO UPDATE Sr. No. 1 Compliance True CUSTOM REGISTRY Sr. No. 1 2 3 Compliance True True True EVENTLOG SCAN Sr. No. 1 2 3 Compliance True True True Check Name Result Maximum Application Log Size [in KiloBytes] 16384 Maximum Security Log Size [in KiloBytes] Maximum System Log Size [in KiloBytes] 16384 16384 Check Name Is Firewall Enabled Result Disabled >= >= 1024 1024 FIREWALL POLICIES Sr. No. 1 Compliance True Compare Logic = Expected Value Disabled INFORMATIONAL CHECKS Sr. No. 1 Compliance True Check Name Installed Hotfixes 2 3 4 True True True Last Logged In User Last System Boot Up Time Network File Shares 5 6 False True Non-NTFS Partitions Process Scan 7 True Services Installed 8 True Softwares Installed 9 True Softwares Installed - Full Details Result Compare Logic KB2079403 Should Contain KB2141007 KB2286198 workgroup\testuser Should Contain 26/08/2011 10:09:54 Should Contain ADMIN$ Should Contain C$ IPC$ D$ C$ Should Contain C:\Windows\system32\csrss.exe Should Contain C:\Windows\system32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\svchost.exe C:\Windows\Explorer.EXE Cryptographic Services Should Contain DCOM Server Process Launcher DHCP Client DNS Client COM+ Event System Server Workstation Microsoft .NET Framework 3.5 SP1 Should Contain Adobe Flash Player 10 ActiveX Intel(R) Graphics Media Accelerator Driver Windows XP Service Pack 3 Microsoft .NET Framework 3.5 SP1 Should Contain Security Update for Microsoft .NET Framework 3.5 SP1 Hotfix for Microsoft .NET Framework 3.5 SP1 Hotfix for Microsoft .NET Framework 3.5 SP1 Update for Microsoft .NET Framework 3.5 Expected Value Result Enabled Enabled Enabled Disabled Enabled Expected Value Enabled Enabled Enabled Disabled Enabled MISCELLANEOUS HARDENING Sr. No. 1 2 3 4 5 6 Compliance True True True True True True Check Name Access to Internet Explorer Security Page Access to Registry Editing Tools Allow Saving of Passwords for Forms Automatic Logon of Users of Workstation Changing of Internet Explorer Advanced Page Settings Simple TCP/IP Services Disabled Compare Logic = = = = = = Disabled ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 23 Detailed Compliance Report for IP - 10.1.2.9 - WinXP PASSWORD POLICY Sr. No. 1 2 3 4 5 6 7 Compliance True True True True True True True Check Name Account Lockout Duration [in number of minutes] Account Lockout Threshold Enforce Password History Maximum Password Age [in number of days] Minimum Password Age [in number of days] Minimum Password Length Reset Account Lockout Counter After [in number of minutes] Result 20 Compare Logic = Check Name Is Screen Saver Activated Is Screen Saver Secured Screen Saver Timeout Duration [in number of seconds] Result Enabled Enabled 900 Compare Logic = = = Expected Value Enabled Enabled 900 Check Name Accounts: Limit local account use of blank passwords to console logon only Devices: Allow undock without having to log on Devices: Allowed to format and eject removable media Devices: Prevent users from installing printer drivers Devices: Restrict CD-ROM access to locally logged-on user only Devices: Restrict floppy access to locally logged-on user only Devices: Unsigned driver installation behavior Result Enabled Compare Logic = Expected Value Enabled 3 2 30 1 8 10 = = = = >= <= Expected Value 20 3 2 30 1 8 10 SCREENSAVER Sr. No. 1 2 3 Compliance True True True SECURITY OPTIONS Sr. No. 1 Compliance True 2 True 3 True 4 True 5 True 6 True 7 True 8 True 9 True 10 True 11 True 12 True 13 True 14 True 15 True 16 True 17 True 18 True 19 True 20 True 21 True 22 True 23 True 24 True 25 True 26 True 27 True 28 True Enabled = Enabled Administrators = Administrators Disabled = Disabled 0 = Disabled 0 = Disabled Warn but allow installation = Warn but allow installation Domain controller: Allow server operators to schedule tasks Domain member: Maximum machine account password age [in number of days] Domain member: Require strong (Windows 2000 or later) session key Interactive logon: Do not display last user name Interactive logon: Do not require CTRL+ALT+DEL Interactive logon: Message text for users attempting to log on Enabled = Enabled Interactive logon: Message title for users attempting to log on Interactive logon: Number of previous logons to cache (in case domain controller is not available) [in number of logons] Interactive logon: Prompt user to change password before expiration [in number of days] Interactive logon: Require Domain Controller authentication to unlock workstation Microsoft network client: Digitally sign communications (if server agrees) Microsoft network client: Send unencrypted password to third-party SMB servers Microsoft network server: Amount of idle time required before suspending session [in number of minutes] Microsoft network server: Digitally sign communications (always) Microsoft network server: Digitally sign communications (if client agrees) Microsoft network server: Disconnect clients when logon hours expire Network access: Do not allow storage of credentials or .NET Passports for network authentication Network access: Let Everyone permissions apply to anonymous users Network access: Named Pipes that can be accessed anonymously Information Security Notice = 5 = You are about to enter a Private Network that is intended for the authorized use of a Private Company and its affiliate companies 'Information Security Notice' 5 10 = 10 Enabled = Enabled Enabled = Enabled Disabled = Disabled 30 >= 30 Disabled = Disabled Enabled = Enabled Disabled = Disabled You are about to enter a Private Network that is intended for the authorized use of a Private Company and its affiliate companies 15 Should Contain >= 15 Disabled = Disabled Disabled = Disabled Enabled = Enabled Disabled = Disabled = Disabled Disabled browser COMNAP COMNODE SQL\QUERY SPOOLSS LLSRPC Network access: Remotely accessible registry System\CurrentControlSet\Control\ProductOption paths s System\CurrentControlSet\Control\Server Applications Software\Microsoft\Windows NT\CurrentVersion Should Contain Network access: Shares that can be accessed anonymously Should Contain COMCFG DFS$ Should Contain ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 24 Detailed Compliance Report for IP - 10.1.2.9 - WinXP 29 False Network access: Sharing and security model for local accounts Guest only - local users authenticate as Guest = Classic - local users authenticate as themselves 30 True = Disabled True Disabled = Disabled 32 True Disabled = Disabled 33 True Network security: Do not store LAN Manager hash value on next password change Recovery console: Allow automatic administrative logon Recovery console: Allow floppy copy and access to all drives and all folders Shutdown: Allow system to be shut down without having to log on Disabled 31 Enabled = Enabled Check Name Connected Usb Devices Result Kingston DT 101 II USB Device at 04/12/2009 01:36:12 PM Motorola Phone USB Device at 07/08/2009 02:35:32 PM JetFlash TS4GJFV60 USB Device at 09/02/2009 11:07:25 AM Enabled Disabled Compare Logic Should Contain Result Disabled Disabled workgroup\Domain Admins CBWSDT018\Administrator Administrator Administrator Guest Guest Compare Logic = = Should Contain Result NETWORK SERVICE Authenticated Users Compare Logic Should Contain USB DEVICES Sr. No. 1 2 3 Compliance True False True USB Driver Status USB Port Status = = Expected Value Disabled Disabled USER ACCOUNTS Sr. No. 1 2 3 4 Compliance True False True True Check Name Is Guest Account Active Is User an Administrator Local Administrators Local Users Expected Value Disabled Enabled Should Contain USER RIGHTS ASSIGNMENT Sr. No. 1 Compliance True Check Name Access this computer from the network 2 3 4 True True True Act as part of the operating system Add workstations to domain Adjust memory quotas for a process 5 True Allow logon through Terminal Services 6 True Back up file and directories 7 True Bypass traverse checking 8 9 True True Change the system time Create a global objects 10 11 12 13 True True True True Create a pagefile Create a token object Create permanent shared objects Debug programs 14 True 15 16 17 True True True Deny access to this computer from the network Deny logon as a batch job Deny logon as a service Deny logon locally 18 19 True True 20 21 True True Deny logon through Terminal Services Enable computer and user accounts to be trusted for delegation Force shutdown from a remote system Generate security audits 22 True Impersonate a client after authentication 23 24 True True Load and unload device drivers Log on as a batch job 25 True Log on as a service 26 True Log on locally 27 True Manage auditing and security log 28 True Take ownership of file or other objects Administrators Administrators LOCAL SERVICE NETWORK SERVICE Administrators Remote Desktop Users Administrators Users Authenticated Users Administrators Backup Operators Everyone Users Power Users Everyone Administrators SERVICE INTERACTIVE Administrators Administrators Authenticated Users Guest SUPPORT_388945a0 Guest SUPPORT_388945a0 ASPNET ASPNET Administrators LOCAL SERVICE NETWORK SERVICE Administrators SERVICE ASPNET Administrators SUPPORT_388945a0 ASPNET NETWORK SERVICE ASPNET Administrators Backup Operators Users Power Users Guest Administrators Authenticated Users Administrators Authenticated Users Should Contain Should Contain Should Contain Expected Value 'Administrators' Should Contain Should Contain 'Authenticated Users' 'Administrators' 'Users' Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain 'Everyone' 'Authenticated Users' 'Administrators' Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain 'Administrators' Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain Should Contain 'Authenticated Users' 'Administrators' 'Authenticated Users' 'Administrators' ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 25 ANNEXURE D: Software Statistics: Undesired Software List During our scan we found a list of potentially undesirable software installed on some desktops, details of which are given below: Location: (Location/Dept. 1, Location/Dept. 2, Location/Dept. 3, Location/Dept. 4) Software Count µTorrent 11 AceFTP 3 Freeware 1 BitTorrent 8 Core FTP LE 2.1 1 CuteFTP 8 Home 4 CuteFTP 8 Professional 1 Dropbox 4 FileZilla (remove only) 9 FileZilla Client 3.3.2 13 GoToMeeting 4.0.0.320 1 Ipswitch WS_FTP Professional 2007 1 Juniper Networks Secure Meeting 6.3.0 5 Juniper Networks Secure Meeting 7.0.0 1 LeechFTP 1 Picasa 3 25 SmartFTP Client 1 TeamViewer 5 9 TeamViewer 6 21 TightVNC 1.2.9 2 UltraVNC 1.0.8.2 37 UltraVNC v1.0.2 232 VNC 3.3.4 1 VNC Free Edition 4.1.2 64 WebEx 59 WinSCP 4.3.3 3 WinVNC 3.3.3 BlackBerry Desktop Software 6.0 58 BlackBerry Desktop Software 6.0.1 3 BlackBerry® Media Sync 10 Huawei Access Manager 24 HUAWEI Mobile Connect 10 Nokia Ovi Suite 9 Nokia PC Connectivity Solution 8 Nokia PC Internet Access 1 Nokia PC Suite 40 Category Description Remote Desktop / File sharing Such software can allow a remote party to view and interact with the user’s desktops and transfer files to and from it. 23 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 26 Software Count nokian73 1 PC Connectivity Solution 50 Photon+ Access Manager 1.0 4 Reliance 3G 5 Reliance Netconnect - Broadband+ 158 Reliance Netconnect+ 18 Samsung ML-2850 Series 7 Samsung Mobile phone USB driver Software 4 SAMSUNG Mobile USB Modem 1.0 Software 5 SAMSUNG Mobile USB Modem Software 5 Samsung New PC Studio 4 Samsung PC Studio 5 Sony Ericsson PC Suite 1 Sony Ericsson PC Suite 6.011.00 1 TATA Indicom Dialer 6 Tata Photon+ 10 Digsby 2 Google Talk (remove only) 73 IP Messenger for Win 1 MSN 31 MSN Messenger 7.5 30 Skype? 5.5 3 Spark 2.5.8 20 Windows Live Messenger Yahoo! Messenger Zoosk Messenger 3GP Converter 2010 88 374 1 1 1 3GP Player 2008 2 Acez All Audio Converter v3.0 1 Adobe Media Player 23 Adobe Shockwave Player 11.5 134 Agile iPhone Video Converter 1 AIFF MP3 Converter v3.2 build 977 2 Aiseesoft TS Video Converter 1 All Video Converter 4.3.1 1 Any DVD Converter Professional 3.6.2 1 Apex Video Converter Super 6.39 1 Avro Converter 0.6.0 1 AVS Video Converter 7 1 A-Z Free Video Converter 7.15 1 BitComet FLV Converter 1.0 1 Category Independent Internet Connectivity and Manager Description These utilities can be used with respective USB modem/data card to bypass your corporate Internet Filtering, hence giving all open Internet access. Critical data can be leaked through this channel as it is not monitored. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 27 Software Count CDA to MP3 Converter v3.2 build 1159 1 dBpowerAMP Music Converter 2 DivX Converter 9 DivX Player 11 DivX Web Player 10 DJ Engine 7.0 Professional 9 Easy Graphic Converter 1.2 1 Easy Image Converter 1.3.2.1 1 Emicsoft FLV Converter 1 Emusic - 50 FREE MP3s from eMusic! 6 FLV Player 1.3.2 FormatFactory 2.50 6 Free 3GP Video Converter version 3.5 2 Free MXF 2 MOV Converter Pro 1 Freez FLV to AVI/MPEG/WMV Converter 1 Freez FLV to MP3 Converter 1 GOM Player 14 iMesh 1 iTunes 77 iWisoft Flash SWF to Video Converter 3.4 1 Media Go 2 Metacafe 1 Microsoft Works 6-9 Converter 8 mp3-2-wav converter 1.14 1 OJOsoft Total Video Converter 2 Pavtube Video Converter version 3.5.1.2345 1 PlayStation(R)Network Downloader 2 PlayStation(R)Store 2 Prism Video File Converter 1 RealPlayer 66 RealPlayer G2 1 Roxio CinePlayer 14 SA31xx Device Manager & Media Converter 1 SmartMovie Converter 1 Total Video Converter 3.10 5 Total Video Player 1.03 1 Video to iPod MP4 PSP 3GP Converter 1 4 VideoLAN VLC media player 0.8.1 100 VideoLAN VLC media player 0.8.5 36 Videora iPhone Converter 5.04 1 VLC media player 1.0.0-rc1 11 Category Description Instant Messaging and Video Conferencing Using instant messaging software users can chat and share data, where as video conferencing is use to provide customers with instant multi-user video conferencing. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 28 Software Count VLC media player 1.1.2 65 Winamp 9 WinX Free WMV to 3GP Converter 2.0.6 1 Ahead Nero Burning ROM 54 Ahead Nero BurnRights 43 Nero 6 Demo 1 Nero 8 Essentials 1 Nero BurnRights 22 Nero OEM 33 Nero Suite 9 PowerDVD 58 PowerDVD DX PowerDVD OD 14 Roxio Creator DE 33 Roxio Creator DE 10.3 6 Roxio MyDVD Basic v9 6 Microsoft Network Monitor 3.1 1 Microsoft Network Monitor 3.4 2 Microsoft Network Monitor: Microsoft Parsers 3.2 1 Nmap 5.21 2 Packet Tracer 5.2 1 PRTG Network Monitor 1 SolarWinds IP Address Tracker 1 Wireshark 0.99.5 1 Wireshark 1.4.3 1 Wireshark 1.4.6 1 2in1 Coundition Zero 1.1&Counter-Strike 1.6(build 2738) 7 99 Puzzle and Logic 1 Angry Birds 2 Angry Birds Rio 1 CricketWebPlayer 1.0.1 1 GAME, NET & MATCH! 1 JumpStart Advanced Preschool 1 JumpStart Advanced PreSchool Explore and Learn 1 JumpStart Art for Fun 1 Loco Mania 1.0 1 PacMania 2 1 RoadRash 1 Time of War Demo 1 Apple Mobile Device Support 68 Category Description Data Burning Softwares It can be used to transfer critical data onto devices such as CD, DVD Network/Traffic Monitoring and Hacking Tools These softwares can be used to gather critical details such as network maps, open ports, OS vulnerabilities etc, which can misused by some malicious user. Games Such software’s can consume the network bandwidth also slowdown the system performance Potential These programs 11 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 29 Software Count Category Description AviSynth 2.5 2 Cain & Abel v4.9.35 1 Unwanted software Caricature Studio Green 3.6 1 can install spyware on the systems on which they are installed. Conduit Engine 21 Internet Download Manager 5 K-Lite Codec Pack 2.63 Standard 18 K-Lite Mega Codec Pack 4.8.5 1 K-Lite Mega Codec Pack 5.6.1 1 Kundli 5.0 1 Kundli for Windows (Lite Edition) Kundli for Windows v4.5 (Demo) 1 Samsung Kies 2 Wondershare Free YouTube Downloader(Build 1.1.20) 1 YouTube Downloader 2.5.3 2 Youtube Downloader 3.8 (20101109) 2 YouTube Downloader App 2.03 1 1 Note: The above results are based on MIEL’s interpretation, if there are business requirements for any of the above, they can safely be ignored. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 30 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 31 Frequently Asked Questions (FAQs): Q What types of checks does the MIEL Endpoint Diagnostic Service cover? The MIEL Endpoint Diagnostic Service is purely focused on technical checks that relate to security. The Service covers a large number of security settings such as the audit policy, user rights, password policy, screen saver policy, antivirus and firewall checks as well as a host of other policies that can be enforced locally or from a domain controller. The service is capable of checking all the security settings that can be set using the Windows security policy interface. It also covers additional informational checks that can give a clearer idea as to the policy compliance of systems. Some of these additional checks include auditing installed software and monitoring USB storage devices such as external hard drives and pen drives. We are constantly adding new checks and innovative features that benefit our clients. Q Will it impede my business in anyway? The MIEL Endpoint Diagnostic Service performs scans that are non-invasive and do not modify any settings or data on any systems. The scans do not impact a system's performance and may be performed during production. Network usage is also extremely efficient, using Microsoft's Windows Communication Foundation to ensure encrypted results and low utilization of network resources. Q Does the Service include scans across the geographies that I operate? MIEL Endpoint Diagnostic Service performs scans across all geographies remotely provided there is Internet connectivity above 128 Kbps. Q Can I view at a glance all Non-compliances in my organization? MIEL Endpoint Diagnostic Service provides comprehensive graphs which depict the state of both compliance and non-compliance of all the endpoints covered in the scan. Q Can you provide reports customized to our needs? MIEL Endpoint Diagnostic Service will customize the report including graphs and executive summary as per your requirements. Major customizations may be charged additionally. Q Can MIEL Endpoint Diagnostic Service provide me with an inventory of all the software running on my endpoints? Yes, MIEL Endpoint Diagnostic Service can be used to generate a complete software inventory. If you provide us with your purchased license details, we can co-relate the results of the scan to identify gaps in license compliance. Q What is the duration for a typical scan to be completed? MIEL Endpoint Diagnostic Service performs scans across multiple endpoints in parallel, and the scan takes around one minute per endpoint. Typically a scan on a hundred endpoints may take up to 15 minutes. The first time a scan is performed, involves setting up the pre-requisites for the service. It is ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 32 preferable to let the pre-requisites propagate to the maximum number of systems, so scans can be started on the day after the setup of the pre-requisites. Q How do I monitor compliance over a period of time? MIEL Endpoint Diagnostic Service reports offer trend-analysis that indicates the state of compliance over a period of time. Q Can I scan against my own existing corporate policies? Yes, if you provide us with your corporate security policy, we can perform the scan against it. Q What are the types of compliance covered by the service? Leveraging MIEL’s experience with auditing against information security standards, MIEL Endpoint Diagnostic Service covers all major compliances including PCI/DSS, ISO27001, HIPAA, SOX and NIST80053 standards. Q What hardware do I need to provide? A single desktop class system can be provided for scanning at each location. Alternatively, VPN connectivity to the locations to be scanned can be provided. Q Do I need to install any software on my endpoints? MIEL Endpoint Diagnostic Service operates on an agent-less model, so no software needs to be installed on the endpoints to be scanned. Q Will MIEL Endpoint Diagnostic Service work in a non-domain environment? MIEL Endpoint Diagnostic Service covers scan of any system which meets the minimum pre-requisites, regardless of whether it belongs to a domain or not. The domain, however, may make it easier to set systems up to meet the pre-requisites that are necessary for the scan. Q How much network bandwidth / CPU time does the Service use? MIEL Endpoint Diagnostic Service uses a negligible amount of bandwidth. Any corporate intranet or high-speed Internet connection will suffice. However, it is necessary that the endpoints and the aggregator are located on the same intranet (or equivalent LAN speed link) to allow the scan to occur. Q What operating systems does MIEL Endpoint Diagnostic Service support for auditing? The MIEL Endpoint Diagnostic Service can be used to scan any current Microsoft Windows family of operating systems from Windows 2000 onwards. ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 33 ENDPOINT DIAGNOSTIC REPORT | CONFIDENTIAL 34