Practical Task # 3
For lesson 1:
1. What is Availability?
Availability is the principle that authorized subjects are granted timely and
uninterrupted access to objects.
2. What is SLA?
A service-level agreement (SLA) is a commitment between a service provider
and a client. Particular aspects of the service – quality, availability,
responsibilities – are agreed between the service provider and the service user.
[1] The most common component of an SLA is that the services should be
provided to the customer as agreed upon in the contract.
3. How to calculate SLA?
Index SLA = (time when the information asset is available) / (365 * 24)
4. How many hours was the datacenter not available?
0,997
0,999
5. The Internet channel was not available in May for 3 hours, in October for 5
hours, and in December for 12 hours. What is the index of availability?
For lesson 2.
We will speak about baselines.
Let's prepare together a baseline for the Windows Server 2012 user account
policy.
Not defined
Best practices
Set Enforce password history to 24. This will help mitigate vulnerabilities
that are caused by password reuse.
Not defined
Best practices
Set Maximum password age to 60 days, depending on your environment.
This way, an attacker has a limited amount of time in which to compromise
a user's password and have access to your network resources.
Not defined
Best practices
Set Minimum password age to a value of 1 day. Setting the number of days
to 0 allows immediate password changes, which is not recommended.
If an administrator sets a password for a user and wants that user to change
the administrator-defined password, the administrator must select the User
must change password at next logon check box. Otherwise, the user will not
be able to change the password until the number of days specified by.
Possible values
User-specified number of characters between 0 and 14
Not defined
Best practices
Set Minimum password length value to 14. If the number of characters is set
to 0, no password is required. In most environments, a fourteen-character
password is recommended because it is long enough to provide adequate
security and still short enough for users to easily remember. This value will
help provide adequate defense against a brute force attack. Adding
complexity requirements will help reduce the possibility of a dictionary
attack. For more information, see Password must meet complexity
requirements.
Reference
The Store password using reversible encryption policy setting provides
support for applications that use protocols that require the user's password
for authentication. Storing encrypted passwords in a way that is reversible
means that the encrypted passwords can be decrypted. A knowledgeable
attacker who is able to break this encryption can then log on to network
resources by using the compromised account. For this reason, never enable
Store password using reversible encryption for all users in the domain unless
application requirements outweigh the need to protect password information.
Possible values
Enabled
Disabled
Not defined
Best practices
Set the value for Store password using reversible encryption to Disabled. If
you use CHAP through remote access or IAS, or Digest Authentication in
IIS, you must set this value to Enabled. This presents a security risk when
you apply the setting by using Group Policy on a user-by-user basis because
it requires opening the appropriate user account object in Active Directory
Users and Computers.
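The password-policy baseline above, checked against a policy export, as an added example that is not part of the original task sheet. It assumes the policy was exported with `secedit /export /cfg`, whose `[System Access]` key names are used below; the sample export is constructed, and values stricter than the baseline are assumed to pass.

```python
import configparser

# Baseline values come from the best practices above. Key names are the ones
# `secedit /export /cfg <file>` writes under [System Access].
# Assumption: values stricter than the baseline also pass.
BASELINE = {
    "PasswordHistorySize": ("Enforce password history", lambda v: v >= 24),
    # Values below 1 mean the password never expires, so they fail.
    "MaximumPasswordAge": ("Maximum password age", lambda v: 1 <= v <= 60),
    "MinimumPasswordAge": ("Minimum password age", lambda v: v >= 1),
    "MinimumPasswordLength": ("Minimum password length", lambda v: v >= 14),
    "ClearTextPassword": ("Store password using reversible encryption", lambda v: v == 0),
}

# Constructed sample export (not taken from a real server).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
ClearTextPassword = 1
[Version]
signature="$CHICAGO$"
Revision=1
"""

def audit(inf_text):
    """Return {setting name: (exported value or None, compliant?)}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the INF key casing instead of lower-casing it
    cp.read_string(inf_text)
    access = cp["System Access"] if cp.has_section("System Access") else {}
    report = {}
    for key, (name, is_ok) in BASELINE.items():
        raw = access.get(key)
        value = int(raw) if raw is not None else None
        # A missing key is "Not defined": reported as a finding, not a pass.
        report[name] = (value, value is not None and is_ok(value))
    return report

if __name__ == "__main__":
    for name, (value, ok) in audit(SAMPLE_EXPORT).items():
        shown = "Not defined" if value is None else value
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {shown}")
```

Real exports are usually written as UTF-16, so open the file with `encoding="utf-16"` before passing its text to `audit`.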
Firewall
Yes (default)
1. Practical task № 1.
Prepare a security baseline for the antimalware software policy that includes the
scanning schedule, rules for updating and for checking USB devices, and other requirements.
2. Prepare a firewall security baseline for protecting the corporate LAN from this
picture.