Ohh! very nice
8:22 a.m.
Have you installed Firewalls or similar devices at the boundaries of the networks in the Scope? | |
Have the default usernames/passwords on all boundary firewalls (or similar devices) been changed to a strong password | |
Have all open ports and services on each firewall (or similar device) been subject to justification and approval by an appropriately qualified and authorised business representative, and has this approval been properly documented? | |
Have all commonly attacked and vulnerable services (such as Server Message Block (SMB) NetBIOSm tftp, RPC, rlogin, rsh, rexec) been disabled or blocked by default at the boundary firewalls? | |
Confirm that there is a corporate policy requiring all firewall rules that are no longer required to be removed or disabled in a timely manner, and that this policy has been adhered to (meaning that there are currently no open ports or services that are not essential for the business)? | |
Confirm that any remote administrative interface has been disabled on all firewall (or similar) devices? | |
Confirm that where there is no requirement for a system to have Internet access, a Default Deny policy is in effect and that it has been applied correctly, preventing the system from making connections to the Internet | |
Have all unnecessary or default user accounts been deleted or disabled | |
Confirm that all accounts have passwords, and that any default passwords have been changed to strong passwords? | |
Has all unnecessary software, including OS utilities, services and applications, been removed or disabled | |
Has the Auto Run (or similar service) been disabled for all media types and network file shares? | |
Has a host based firewall been installed on all desktop PCs or laptops, and is this configured to block unapproved connections by default? | |
Is a standard build image used to configure new workstations, does this image include the policies and controls and software required to protect the workstation, and is the image kept up to date with corporate policies? | |
Do you have a backup policy in place, and are backups regularly taken to protect against threats such as ransomware? | |
Are security and event logs maintained on servers, workstations and laptops? | |
Are user account requests subject to proper justification, provisioning and an approvals process, and assigned to named individuals? | |
Are users required to authenticate with a unique username and strong password before being granted access to computers and applications? | |
Are accounts removed or disabled when no longer required? | |
Are elevated or special access privileges, such as system administrator accounts, restricted to a limited number of authorised individuals? | |
Are special access privileges documented and reviewed regularly (e.g. quarterly)? | |
Are all administrative accounts only permitted to perform administrator activity, with no Internet or external email permissions? | |
Does your password policy enforce changing administrator passwords at least every 60 days to a complex password? | |
Please confirm that malware protection software has been installed on at least all computers with an ability to connect outside of the network in Scope | |
Does corporate policy require all malware protection software to have all engine updates applied, and is this applied rigorously? | |
Have all malware signature files been kept up to date (through automatic updates or through centrally managed deployment)? | |
Has malware been configured for on-access scanning, and does this include downloading or opening files, opening folders on removable or remote storage, and web page scanning? | |
Has malware protection software been configured to run regular (at least daily) scans? | |
Are users prevented from running executable code or programs form any media to which they also have write access? | |
Are users prevented from accessing known malicious web sites by your malware protection software through a blacklisting function? |