The Microsoft Windows 2000 SRR targets conditions that
undermine the integrity of security, contribute
to inefficient security operations and administration,
or may lead to interruption of production
operations. Sites are required to secure the
Microsoft Windows 2000 operating system in
accordance with DoD Directive 8500.1, Section
4.18. The checks in this document were developed
from DISA and NSA guidelines. Additionally,
the review ensures that the site has properly installed
and implemented the Windows 2000 operating
system and that it is being managed in a way
that is secure, efficient, and effective.
The items reviewed are based on standards
and requirements published by DISA in the
Security Handbook and in other DoD policy and
regulations. The results of the SRR scripts
use the same status codes as the Windows 2000 SRR Checklist:
F (Finding), N/F (Not a Finding), N/A (Not Applicable),
MR (Manual Review), or NR (Not Reviewed).
This document is designed to instruct the reviewer on how
to assess both the Professional and Member
Server configurations in a mixed Windows NT
4/2000 domain. In addition, the security settings
recommended can also be used to configure
Group Policy in a Windows 2000 Active Directory
environment.
The Windows 2000 Security Checklist is composed of five
major sections and five appendices:
- Section 1: This section contains summary information
about the sections and appendices that comprise
the Windows 2000 Security Checklist, and defines
its scope. Supporting documents consulted
are listed in this section.
- Section 2: This section is the matrix that allows the
reviewer to document vulnerabilities discovered
during the SRR process. The entries in this
table, sorted by Potential Discrepancy Item
(PDI), are mapped to procedures (referenced
by paragraph number) in Sections 3 and 5.
- Section 3: This section contains the administrative issues
that are discussed between the reviewer and
the System Administrator or the Information
Systems Security Officer (ISSO). The interview
outlined in this section may be performed
independently of the technical review discussed
in Sections 4 and 5.
- Section 4: This section documents the procedures that
instruct the reviewer on how to use the Windows
2000 Gold Disks for conducting security reviews.
- Section 5: This section documents the procedures that
instruct the reviewer on how to perform an
SRR manually, and to interpret the program
output for vulnerabilities. Each procedure
maps to a PDI tabulated in Section 2.
- Appendix A: This appendix documents the allowed Access
Control Lists (ACLs) for file and registry
objects. The tables contained in this section
are referenced in Sections 4 and 5.
- Appendix B: This appendix contains checks for IAVM compliance
to be done against a Windows 2000 machine.
- Appendix C: This appendix contains disclaimer information
related to the use of the Windows 2000 Gold
Disks.
- Appendix D: This appendix documents the procedures for
using the 'John the Ripper' password integrity
utility.
- Appendix E: This appendix documents the procedures for
using Microsoft's Group Policy Results command
line tool to determine the source policy for
specific settings.