Desktop App Checklist (Word format).docx

Uploaded by: b****5 Document ID: 16626661 Upload date: 2022-11-24 Format: DOCX Pages: 153 Size: 480.21 KB
Updated for STIG Version Change 3.1

Various Sections

Updated for new mobile code requirements

Section 2.3.1

Updated for Symantec Version 10.x

Section 2.3.2

Updated for McAfee Version 8.x

Section 2.4.2

IE updated Java Permissions

Section 2.7

Updated with indicator of when the check applies

Section 2.8

AntiSpyware – new section

Version 3.1.2

DTAS017

Updated to add information for Version 10.x

DTAS069

Updated to have correct value of the key

DTAS040

DESKTOP APPLICATION CHECKLIST - SCRIPT CHECK PROCEDURES

This section of the Checklist provides the procedures to be used to conduct self-assessments and reviews (SRR) for the Desktop Application STIG requirements using the automated tools developed and maintained by DISA Field Security Operations (FSO). The reviewer uses the output of these scripts to analyze and document potential security vulnerabilities on the reviewed system.

1. Use Version 2.0 of the Gold Disk to conduct the review. Insert the CD and then double-click pgd.exe. This will cause the Gold Disk to launch and evaluate what products are on the system being reviewed.

3. Upon successful completion of the initial scan, the lower right-hand pane will identify all the applications that are present on the machine. The Desktop review process includes the following products:

Antivirus

∙ McAfee

∙ Symantec

Browsers

∙ Netscape

∙ Internet Explorer

Office Automation

∙ Word

∙ Excel

∙ Access

∙ FrontPage

∙ Outlook

∙ PowerPoint

There are also general checks that are included that are called Desktop Application General. These checks apply to all machines. There is a group of checks that are called Desktop Application – Remote. This group of checks applies if the machine connects to a DoD remotely e.g., Laptop.

Upon execution of the startup GUI, click the Evaluate Asset button. The GUI is broken down into several branches. In order to perform a review, the reviewer must know what applications are parts of the review (listed above). Only the applications actually installed on the machine will be evaluated. Please note for all the ‘documentable’ findings, these findings should be uploaded into VMS 6.0 in an Open status.

5. In order to create an XML file, select Reports, then VMS 6.x. This will cause a dialog box to appear which will ask for a file name for the VMS import file.

7. Log on to VMS. If the asset is not registered, the asset will be added during the upload. If the asset exists, it will be updated with the results from the Gold Disk.

9. If a manual registration is done, the following items are of note:

11. Manual Registration:

You will find the appropriate selection criteria by selecting Computing, then selecting the yellow folder. Ensure that, in addition to the minimum required fields for VMS, the following fields are populated:

Under the:

General Tab

Host Name: Enter manually

Description: Enter manually

Ensure all required files which are designated with an * are correct

Asset Identification

IP Address (ensure to click the add button by the IP address window)

MAC Address (ensure to click the add button by the Mac window)

Asset Posture

Under this tab expand the computing located on the left, go down through each item, and select what is applicable to the system you are registering. Once you check a selection you must click the > and ensure it is added to the selected box on the right.

A Windows asset must also have a role (a workstation, member server, or domain controller assigned). Please ensure that the correct role is assigned.

Click the save button, if this is not clicked you will lose your selections.

Function

Select asset function from the left window and click the > arrow to add it to the selected window.

Additional Information

Fill in the additional information as required.

Ensure you click the save button or you will lose the information, if this happens the asset will be created and you can modify it at that time. Do not recreate the same asset.

Click the save button to ensure all your work is saved. The asset is not registered with the required checks.

After successful registration, in addition to the ‘expected’ Windows check, there will also be Desktop General checks and IE Checks. This is expected. With VMS 6.0, these vulnerabilities from the Desktop STIG are shown on Windows Assets.

13. Upload results into VMS by navigating to Asset Finding Maint.

An SA should choose Location, then click the blue XML arrow icon located at the right of ‘Computing’. This will prompt for the name of a file to be uploaded. This process will register the asset if it doesn’t exist.

A reviewer should choose Visit, then click the blue XML arrow icon located at the right of ‘Computing’. This will prompt for the name of a file to be uploaded. This process will register the asset if it doesn’t exist.

After upload, review the Enclave that the asset is tied to by navigating to the ‘Systems/Enclaves’ tab of the asset. Select the appropriate Enclave. If the enclave is not present, contact the IAM or team lead to determine if the enclave has been requested. Click ‘>>’, then click ‘Save’.

DESKTOP APPLICATION CHECKLIST - MANUAL CHECK PROCEDURES

This section of the Checklist provides the procedures to be used to conduct a manual SRR for the Desktop Application STIG requirements. The results from the procedures documented in this section can be recorded on a copy of section 2, SRR Result Report.

1.1 Tools Used

To conduct a manual review of compliance with the Desktop Application STIG requirements, it is necessary to use some tools that are provided with the Windows operating system. This section describes the individual tools and provides examples of the appearance of those tools.

Edit File Type Facility

The Edit File Type facility is used to manually verify Windows file type properties. This facility is accessed through the Windows NT Explorer application on Windows NT or the Windows Explorer application on Windows 2000.

On the Tools menu, select the Folder Options… item. On the Folder Options window, select the File Types tab. After selecting a file type, selecting the Edit… button for Windows NT or the Advanced button for Windows 2000 provides access to the file type properties.

The following examples show the appearance of the facility on Windows NT:

The following examples show the appearance of the facility on Windows 2000:

It should be noted that the Windows Folder Options window includes column headings that can be used to sort the entries by extension or file type.

File Version Checking

To manually check the version of a Windows file it is necessary to search for the file and to navigate to the file version information. This can be done through the “Search | For Files or Folders…” facility.

From the Windows Start menu select the Search item. On the Search menu, select the For Files or Folders… item. After the file is found, right click on the file name, select the Properties item, and select the Version tab. The following examples show the appearance of the facility on Windows:

Application Dialogs

This section provides examples of the dialog windows that are used in the manual application checks.

MS Outlook Dialogs

To manually check the Security Zone setting in Outlook select the Options… item on the Tools menu. On the Options window, select the Security tab. The following example shows the appearance of the dialog:

To manually check the Attachment Security setting (if applicable) in Outlook 98 or 2000, select the Attachment Security… button on the Security tab shown above. The following example shows the appearance of the dialog:

MS Office Dialogs

To manually check the Macro Security Level setting in the 2000 and 2002 versions of Word, Excel, PowerPoint, and Outlook, start each application and select the Tools menu and its Macro item. On the Macro menu, select the Security… item. On the Security window, select the Security Level tab. The appearance of the Security Level tab is the same in all the applications. The following example shows the appearance of the dialog in Outlook 2000:

Windows Registry Editor

To manually check the values of some application options, it is necessary to use the Windows Registry Editor. It can be started using the regedt32.exe command at a Windows command prompt or from the Run… item on the Start menu. From the Options menu, select the Read Only Mode item to ensure that no updates are inadvertently made. The following example shows the appearance of the Registry Editor:

NOTE:

If a system is configured in accordance with the applicable NSA guidance on the installed Windows operating system, the Windows Registry Editor will be accessible only to users with administrator-level privilege. Therefore checks that require the use of the Windows Registry Editor will require that a privileged user sign on. To check user-specific (i.e., HKCU) keys, it may be necessary to use the Load Hive facility.
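A scripted counterpart to the Load Hive procedure in the note above, as an added example that is not part of the original checklist or of the Gold Disk tooling: it mounts each local profile's NTUSER.DAT under HKEY_USERS, reads one value through a handle opened without write access, and unloads the hive again. It assumes a current Windows system with PowerShell and an elevated session; the subkey and value name are placeholders, not STIG values.

```powershell
# Added example. $SubKey and $ValueName are placeholders; substitute the key
# and value named by the individual check being performed.
param(
    [string]$SubKey    = 'Software\ExampleVendor\ExampleApp\Security',  # placeholder
    [string]$ValueName = 'ExampleSetting'                               # placeholder
)

function Get-UserHiveValue {
    param([string]$HiveFile, [string]$SubKey, [string]$ValueName)

    # Temporary, unique mount name under HKEY_USERS for this hive
    $mount = 'SRR_' + [guid]::NewGuid().ToString('N')
    & reg.exe load "HKU\$mount" $HiveFile 2>$null | Out-Null
    if ($LASTEXITCODE -ne 0) {
        # A logged-on user's hive is already mounted under HKU\<SID> and cannot be loaded twice
        return 'hive in use or unreadable'
    }
    try {
        # OpenSubKey(name) returns a key handle without write access
        $key = [Microsoft.Win32.Registry]::Users.OpenSubKey("$mount\$SubKey")
        if ($null -eq $key) { return 'key not present' }
        try {
            $value = $key.GetValue($ValueName, $null)
            if ($null -eq $value) { return 'value not present' }
            return $value
        } finally {
            $key.Close()
        }
    } finally {
        # Release any remaining handles so the unload does not fail with "access denied"
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKU\$mount" 2>$null | Out-Null
    }
}

# Enumerate local profiles from ProfileList and report the value for each one
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($p in Get-ChildItem -LiteralPath $profileList) {
    $profilePath = (Get-ItemProperty -LiteralPath $p.PSPath).ProfileImagePath
    $hive = Join-Path $profilePath 'NTUSER.DAT'
    if (-not (Test-Path -LiteralPath $hive)) { continue }
    [pscustomobject]@{
        Sid     = $p.PSChildName
        Profile = $profilePath
        Value   = Get-UserHiveValue -HiveFile $hive -SubKey $SubKey -ValueName $ValueName
    }
}
```

Profiles reported as in use belong to logged-on accounts; their settings can be read directly under HKEY_USERS\<SID> instead.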

File and Directory Permission Checking

There are multiple ways to check file and directory permissions:

∙ On Windows NT systems, the DumpSec utility can be used. Details on the usage of DumpSec can be found in the section Using DumpSec in the Windows Security Checklist document.

∙ On Windows 2000 systems, the Microsoft Manag
