Showing posts with label Dahua. Show all posts

Friday, March 1, 2024

Cyber Scams on the Rise in India

Unmasking the Surge: Cyber Scams on the Rise in India 

Cybercrime refers to criminal activities that are carried out using computers, computer networks, or the internet as tools or targets. These illegal activities can take many forms, from financial fraud and data theft to online harassment and cyber espionage.

Alarming reports suggest a surge in cyberattacks in India during the first three months of 2023, with over 500 million attacks thwarted out of a billion global attempts, as per the 'State of Application Security Report'.

Almost half the complaints, 1.56 million, were registered in 2023. Since 2019, more than 66,000 FIRs have been filed across states and Union territories based on these complaints.

Cyber scams have witnessed a significant rise in India, with multiple factors contributing to this concerning trend. Let's delve into a detailed analysis of the reasons behind the increasing prevalence of cyber scams in the country:

1. Rapid Digitalization: 

India is experiencing a massive digital transformation, with a growing number of people embracing online platforms for various activities like banking, shopping, and communication. This increased digitalization has provided cybercriminals with a larger pool of potential targets and opportunities to exploit vulnerabilities in the digital ecosystem.

2. Rising Internet Penetration: 

The widespread availability of affordable smartphones and internet connectivity has led to a surge in the number of internet users in India. As the internet user base expands, so does the potential victim pool for cyber scammers.

3. Lack of Cyber Awareness: 

A significant portion of the Indian population, particularly in rural areas and older age groups, may not have adequate knowledge of cybersecurity best practices. This lack of awareness makes them more susceptible to falling prey to various cyber scams, such as phishing emails, fake websites, and lottery frauds.

4. Sophistication of Cybercriminals: 

Cybercriminals have become increasingly sophisticated in their techniques and tools, making it challenging for individuals and organizations to detect and protect against their attacks. Advanced phishing emails, malware, and social engineering tactics are some of the methods employed by cyber scammers to exploit their victims.

5. Inadequate Cybersecurity Infrastructure: 

Despite the increasing cyber threats, many organizations and individuals in India still lack robust cybersecurity infrastructure and practices. This inadequacy leaves them vulnerable to cyber attacks, data breaches, and financial losses.

6. Lack of Stringent Regulations: 

The absence of stringent cybersecurity regulations and penalties for cybercrime in India can be perceived as an opportunity by cyber scammers. The absence of severe consequences for perpetrators may embolden them to continue their illicit activities.

7. Increasing Online Transactions: 

The rise of e-commerce and digital payment platforms has led to a surge in online transactions. This digital financial ecosystem attracts cyber scammers who seek to exploit security loopholes and trick users into divulging sensitive financial information.

8. Insider Threats: 

Insider threats, where current or former employees with access to sensitive data engage in fraudulent activities, can pose significant risks to businesses and individuals alike.

9. Global Nature of Cybercrime: 

Many cyber scams originate from outside India, taking advantage of the borderless nature of the internet. These international cyber threats may pose jurisdictional challenges for law enforcement agencies and hinder effective prosecution.

Root causes:

The rapid digitalization, rising internet penetration, lack of cyber awareness, and the increasing sophistication of cybercriminals are some of the key reasons behind the rise of cyber scams in India.

To combat this growing menace, there is an urgent need for enhanced cybersecurity awareness, investment in robust security measures, and the formulation of stringent cybersecurity regulations.

Additionally, continuous education and training in cybersecurity best practices for individuals and organizations can play a vital role in thwarting cyber scammers and creating a safer digital environment for all. Do not install IP cameras, NVRs, etc. that are not NDAA-approved, and do not use IP cameras, NVRs, etc. from brands of Chinese origin.

Here are other takeaways for 2023:

  • Imposter scams. Imposter scams remained the top fraud category, with reported losses of $2.7 billion. ...
  • Investment scams. While investment-related scams were the fourth most-reported fraud category, losses in this category grew. ...
  • Social media scams. ...
  • Payment methods. ...
  • Losses by age.

Cybercrime Laws In India

1. Information Technology Act, 2000 (IT Act): The Information Technology Act, 2000, is the primary legislation that deals with cybercrimes in India. It was amended in 2008 to keep up with evolving technology and cyber threats. Key provisions of the IT Act include:

2. Section 43: This section deals with unauthorized access to computer systems and data. It provides for penalties for unauthorized access, downloading, or introduction of computer viruses.

3. Section 65: This section deals with tampering with computer source documents, and it imposes penalties for altering, damaging, or deleting data with the intent to cause damage or harm.

4. Section 66: This section addresses computer-related offenses, such as hacking, and prescribes penalties for unauthorized access to computer systems, networks, or data.

5. Section 66A (Repealed): Section 66A was controversial and was struck down by the Supreme Court of India in 2015 because it was deemed to be infringing on free speech rights.

6. Section 66B: This section deals with dishonestly receiving stolen computer resources or communication devices.

7. Section 66C: It pertains to identity theft and the use of someone else's identity for fraudulent purposes.

8. Section 66D: This section deals with cheating by personation using a computer resource.

9. Section 67: This section addresses the publication or transmission of obscene material in electronic form and imposes penalties.

10. Section 69: This section provides the government with the power to intercept and monitor electronic communications for reasons related to national security.

11. Section 70: This section deals with the protection of critical information infrastructure and provides for the appointment of a National Critical Information Infrastructure Protection Centre (NCIIPC).

12. Section 72: It deals with the breach of confidentiality and privacy and imposes penalties for disclosing personal information without consent.

13. Information Technology (Amendment) Act, 2008: This amendment act expanded the scope of the IT Act and introduced provisions related to data protection, data breaches, and increased penalties for cybercrimes.

Tracking WhatsApp messages or any other form of electronic communication without proper legal authorization is typically illegal and a violation of privacy. However, under certain circumstances and with appropriate legal processes, law enforcement agencies and cyber cells may be able to access WhatsApp messages as part of a criminal investigation. WhatsApp uses end-to-end encryption, which means that messages are scrambled and can only be decrypted by the intended recipient. WhatsApp itself does not have access to the content of messages. To access WhatsApp messages for investigative purposes, law enforcement agencies typically need to obtain proper legal authorization, such as a court-issued warrant or a lawful court order.

Government of India has banned 17 Chinese companies from participating in tenders in India and warned private companies that do business with government entities against using these Chinese products. This is being seen as a significant crackdown on Chinese products that were entering the country after changing their brand names and tying up with Indian entities, ostensibly to hide their place of origin, and thus impacting the strategic and security interests of India while benefiting the Chinese economy.

The companies that have been banned include Xp-pen, Highvision Hikvision, Lenovo, Dahua, Lava, Ottomate, Xolo, Airpro, Grandstream, Wi-Tek, Realtime, Maxhub, Nokia, Domino, Reputer and Tyco.

The Sunday Guardian, last year, had revealed about Chinese products being used in government public sector undertakings that are working in the strategic sectors (Indian PSUs continue reliance on Chinese equipment in strategic sectors, 26 February 2023).

As per the government order released on the last day of January, the Indian sellers of these Chinese brands and the catalogs uploaded by them have been removed from Government e Marketplace (GeM) and they are not eligible for participating in any bid on GeM. The order has also said GeM will cancel those orders where the products of these Chinese companies are found to be used for the bid.

Seventy products, the maximum on the list, that have been banned belong to Hangzhou Hikvision Digital Technology Co., Ltd., often shortened to Hikvision. Its Indian face is Prama Hikvision (India) Pvt. Ltd. It is one of the biggest suppliers to Indian government agencies.

Similarly, DNS overseas, which handles products brought from the Beijing-based Hanvon Ugee Group and is a big player in the tablet market in India, has been removed from the GeM portal.

Twenty-two products made by Lenovo, including servers, have been banned. Not many are aware that Lenovo is of Chinese origin.

Lenovo, founded in 1984, is seen as a product of the Chinese Academy of Sciences (CAS)—the Chinese-government’s premier institution of scientific research. CAS is reported to have extensive ties to the Chinese military.

Five products of Zhejiang Dahua Technology Company Limited, a publicly traded company based in Binjiang District, Hangzhou, which manufactures video surveillance equipment and sells its products in India under the brand name “Dahua”, also feature on the banned list.

Nineteen products of Lava International, whose brand ambassador is actor Kartik Aaryan and which has used cricketer Mahendra Singh Dhoni in the past, have also been banned. Also put on the banned list are products made under the brand name “Ottomate”, which is also a part of the Lava group. The products that have been banned include smartphones, fans and tablets. While Lava is seen as an Indian company, its products are made in China and then sold in India under a new brand name.

Thirteen products of Airpro have been put on the banned list including routers and cameras.

Five products of Grandstream and W-Tek that are sold in India by Cohesive Technologies have been removed from the portal.

Thirty-one products made by “Realtime” and sold by Realtime Biometrics India Private Limited, which include boom barriers, biometric access systems and CCTVs, have been banned.

The government has also come down heavily on the Chinese entity, Maxhub that sells its products through Shiyuan India Private Limited. A total of 18 of its products have been banned.

Six products sold by Hmd Mobile India Private Limited that are made by Nokia have been banned. According to industry insiders, the banned products are being manufactured in China. The brand had launched a media blitzkrieg a few years ago to convince Indian nationals that it was not making its products in China.

Seven products made by Tyco and marketed in India by Tyco Safety Products (India) Private Limited, two of Domino sold in India by Domino Printech India Llp and one of Reputer sold domestically by Innovitiq have been banned.

However, what has piqued industry insiders and security watchers is that many entities with notable Chinese investments and control that are active in India have not been added to this list.

These include products made by Huawei, Alcatel Lucent—a French company now owned by Chinese promoters, TvT, Tiandy Technologies and Uniview. All these companies have a significant presence in India and have been dealing with government agencies for a long time now.

On 6 August 2020, a Registration Committee under Department of Expenditure Order was constituted under the chairpersonship of Manmeet Kaur Nanda, a 2000 cadre IAS officer, who was then Joint Secretary, Department for Promotion of Industry and Internal Trade, to consider applications received for registration of bidders from countries that share land border with India for participation in public procurement.

It is this committee that keeps an eye on the products from the identified countries and evaluates the risk, if any, that is posed by them. In November 2023, Nanda moved as Joint Secretary to the Cabinet Secretariat. Sources in the Government of India said that this is not an exhaustive list and more companies will be added to the list as per inputs that the concerned officials receive.

Saturday, July 1, 2023

AI, Cloud and Cybersecurity Open New Opportunities for Integrators


I was recently asked which technologies are going to have the most significant impact on the physical security industry in the next few years. With the rapid pace of change in technology today, there is no simple answer to this question.

One thing that is certain is that companies are under pressure to become more efficient, secure and operationally aware. That, in turn, is driving the need for real-time data capturing and processing from every part of their business, including security.

We are just beginning to see how emerging technologies and concepts such as artificial intelligence (AI), Cloud computing and cybersecurity are impacting our industry. As companies plan for the future, budgets are increasingly focused on innovative solutions that can help to process the growing amount of data being captured and consumed.

Manufacturers and systems integrators that understand this shift have been quick to identify opportunities to win new business through the introduction of value-added applications or new services capable of generating recurring monthly revenue.

We explore some of those technologies and opportunities below.


Artificial intelligence and analytics

AI analytics is the product of automating data analysis—a traditionally time-consuming and people-intensive task—using the power of today's artificial intelligence and machine learning technologies.

AI analytics refers to a subset of business intelligence that uses machine learning techniques to discover insights, find new patterns and discover relationships in the data. In practice, AI analytics is the process of automating much of the work that a data analyst would normally perform.

Customers are looking to AI and data analytics to gain better insight into their operations. These offerings can enable security-related intelligence or operational and customer insights. The key to AI is self-learning algorithms that, over time, get better at identifying certain targeted behaviors or transactions and reducing false positives.

We have also begun to see several chip manufacturers introduce next generation processors with AI built into the core firmware. As a result, systems integrators can expect to see many product innovations in 2018 focused on advanced video analytics, data integrations and application software.

The challenge for their customers will be clearly defining which data is most valuable to them, who will have access to it, and how best to manage it. Systems integrators can play a key role in this process by having those discussions with customers up front and encouraging a proof-of-concept phase before full rollouts are undertaken.

 

Cloud-based services

Cloud-based services provide information technology (IT) as a service over the Internet or a dedicated network, with delivery on demand and payment based on usage. Cloud-based services range from full applications and development platforms to servers, storage, and virtual desktops.

In addition to AI and data analytics capabilities, we are seeing demand from customers for Security-as-a-Service (SaaS) offerings. The combination of low, upfront capital costs and outsourced services has made Cloud-based video and access control popular, especially in the hospitality and small-to-medium enterprise markets. Examples of SaaS cloud service providers include Dropbox, G Suite, Microsoft Office 365, and Slack. In each of these applications, users can access, share, store, and secure information in “the cloud.”

As technology providers add more sophisticated applications and services to further drive customer insight and efficiencies, expect enterprise retail customers to begin moving to this model as well in 2018. For systems integrators, SaaS solutions can represent a recurring revenue stream and a great opportunity to generate new business.

 

Cybersecurity impacts

Cyber attacks can cause electrical blackouts, failure of military equipment, and breaches of national security secrets. They can result in the theft of valuable, sensitive data like medical records. They can disrupt phone and computer networks or paralyze systems, making data unavailable.

Cybersecurity is crucial because it safeguards all types of data against theft and loss. Sensitive data, protected health information (PHI), personally identifiable information (PII), intellectual property, personal information, data, and government and business information systems are all included.

The sheer scope and size of the data breaches we saw in 2017 – Equifax being one of the most notable – has heightened concerns over cyber-preparedness. Increasingly, customers are evaluating their own level of cybersecurity preparedness, as well as that of their suppliers.

There’s no doubt that our industry is taking cybersecurity seriously; however, there is still work to be done, and both systems integrators and their manufacturer partners need to be prepared. Information technology (IT) departments will continue to play an expanded role in approving products for deployment on corporate networks. The use of third-party cybersecurity audits will also become more commonplace, which will significantly impact how products are developed and deployed.

In addition to ensuring that their products are secure, manufacturers and system integrators will also need to improve their own organizational security. For video solution providers, that could mean demonstrating how they protect their software code and architect their software, and how compliant their solutions are with data privacy standards in North America and globally.

The need to bolster cyber defenses will also create demand for new equipment and software upgrades as the vulnerabilities of customers’ legacy equipment are exposed.

Cybersecurity will be a challenge for some systems integrators, but a great business opportunity for others. Customers will increasingly look for integrators that can meet their cybersecurity standards and possibly pass a cyber audit. If there’s a weak link in the chain – from product design to installation or service – then everyone loses. System integrators know that major China manufacturers like Dahua, Hikvision and Uniview are not impacted, from everything we have seen. We executed the proof-of-concept code from the disclosure on multiple devices and were unable to gain access using the backdoor. The backdoor primarily impacts devices using a HiSilicon SoC with Xiongmai software, which means dozens of small OEM manufacturers using minimally modified OEM firmware, an open-source OS and drivers, and enabling telnet on port 9530.

So it’s important that integrators and manufacturers work closely together and ensure that they share the same high cybersecurity standards. Integrators should also demand that their manufacturer partners be diligent about educating them on products and keeping software up to date to reduce potential vulnerabilities.

 

Knowing your market

Many of today’s leading system integrators have begun investing in the additional resources needed to educate staff and align their organizations so they can successfully adopt and provide these new capabilities to their customers.

It’s important that your organization have conversations with both your end user customers and your technology providers so you can take advantage of new opportunities while also helping to clarify what’s possible today and what’s still on the horizon.

As integrators move from equipment sales to consultative solution sales, it is important to understand the unique business problems of the customers in your target market. While this concept is not new, a growing number of integrators are putting vertical market initiatives in place to concentrate their expertise.

The top five business challenges of yesterday may no longer be the top five challenges of tomorrow. Integrators need to understand what those unique challenges are for each vertical they play in, and work with manufacturers that can provide proven solutions for specific markets.

Thursday, June 15, 2023

Network Security Checklist


Your business faces threats on many fronts, and the more users, devices, and applications you add, the more vulnerable your network becomes.

Network security is any activity designed to protect the usability and integrity of your network and data. It includes both hardware and software technologies. Effective network security manages access to the network. It targets a variety of threats and stops them from entering or spreading on your network.

Network security combines multiple layers of defences at the edge and in the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.

Digitization has transformed our world. How we live, work, play, and learn have all changed. Every organization that wants to deliver the services that customers and employees demand must protect its network. Network security also helps you protect proprietary information from attack. Ultimately it protects your reputation.

Major China manufacturers like Dahua, Hikvision and Uniview are not impacted, from everything we have seen. We executed the proof-of-concept code from the disclosure on multiple devices and were unable to gain access using the backdoor.

The backdoor primarily impacts devices using a HiSilicon SoC with Xiongmai software, which means dozens of small OEM manufacturers using minimally modified OEM firmware, an open-source OS and drivers, and enabling telnet on port 9530.


For Firewalls

1. Update the router to the latest firmware version.
2. Disable ping (ICMP) response on the WAN port.
3. Disable UPnP (Universal Plug and Play).
4. Disable IDENT (port 113).
5. Disable remote management of the router.
6. Change the default administrator password.
7. Enable stateful packet inspection (SPI).
8. The settings for a firewall policy should be as specific as possible. Do not use 0.0.0.0 as an address.
9. Check the incoming/outgoing traffic security policy.
10. Check for firewall firmware / OS updates.
11. Allow only HTTPS access to the GUI and SSH access to the CLI.
12. Redirect HTTP GUI logins to HTTPS.
13. Change the HTTPS and SSH admin access ports to non-standard ports.
14. Restrict logins to trusted hosts.
15. Set up two-factor authentication for administrators.
16. Create multiple administrator accounts.
17. Modify administrator account lockout duration and threshold values.
18. Check that all management access from the Internet is turned off if it does not have a clear business need. At most, HTTPS and PING should
19. Ensure that your SNMP settings use SNMPv3 with encryption, and configure your UTM profiles.
20. All firewall policies should be reviewed every 3 months to verify their business purpose.

For Routers

1. Do not use the default password for your router.
2. Check whether the router blocks access to the modem by IP address.
3. Ensure that the router admin gets an alert when a new device joins the network.
4. Most routers let you disable UPnP on the LAN side.
5. Enable port forwarding and IP filtering for your router.
6. Check whether the router supports HTTPS; in some routers it is disabled by default.
7. If HTTPS is supported, can admin access be limited exclusively to HTTPS?
8. Check whether the TCP/IP port used for the web interface can be changed.
9. To really prevent local admin access, limit the LAN IP address to a single IP address that is both outside the DHCP range and not normally assigned.
10. Check whether admin access can be limited to Ethernet only.
11. Check whether router access can be restricted by SSID and/or by VLAN.
12. The router should not allow multiple computers to log on at the same time using the same user ID.
13. Check whether there is some type of lockout after too many failed attempts to log in to the web interface.
14. Make sure the remote administration settings are turned off by default.
15. Check whether the port number can be changed remotely.
16. If you forget to log out from the router, your session should eventually time out, and you should be able to set the time limit; the shorter, the more secure.
17. Inbound WAN: What ports are open on the WAN/Internet side? The most secure answer is none, and you should expect any router not provided by an ISP to have no open ports on the Internet side. One exception is old-school remote administration, which requires an open port. Every open port on the WAN side needs to be accounted for, especially if the router was provided by an ISP; they often leave themselves a back door. The Test your Router page links to many websites that offer firewall tests. That said, none of them will scan all 65,535 TCP ports or all 65,535 UDP ports. The best time to test this is before placing a new router into service.
18. Inbound LAN: What ports are open on the LAN side? Expect port 53 to be open for DNS (probably UDP, maybe TCP). If the router has a web interface, then that requires an open port. The classic/standard utility for testing the LAN-side firewall is nmap. As with the WAN side, every port that is open needs to be accounted for.
19. Outbound: Can the router create outgoing firewall rules? There are all sorts of attacks that can be blocked with outgoing firewall rules. Generally, consumer routers do not offer outbound firewall rules while business-class routers do. In addition to blocking, it would be nice if the blocks were logged for auditing purposes. Note, however, that devices connected to Tor or a VPN will not obey the outbound firewall rules.
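Several of the firewall and router items above (specific addresses instead of 0.0.0.0, HTTPS/SSH-only administration, logins from trusted hosts only, no management from the Internet, a review every three months) can be checked mechanically against an exported policy. The linter below is an added example, not code from the original post; the rule format, the firewall address 203.0.113.1, the trusted admin network 10.10.0.0/24 and the sample rules are all constructed assumptions, so adapt the loader to your device's own export format.

```python
"""Lint firewall allow-rules against the firewall/router checklist items."""
from __future__ import annotations

import ipaddress
from datetime import date, timedelta

# Assumed values for this example (hypothetical, not from the post).
SELF = ipaddress.ip_network("203.0.113.1/32")                 # the firewall's own address
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.10.0.0/24")]   # admin jump network
MGMT_PORTS = {22, 23, 80, 443}          # ports that reach the device's admin services
PLAINTEXT_ADMIN = {23: "telnet", 80: "http"}
ANY = ipaddress.ip_network("0.0.0.0/0")
REVIEW_INTERVAL = timedelta(days=90)    # checklist: review every policy every 3 months

# Constructed sample ruleset; an empty "ports" list means "all ports".
SAMPLE_POLICIES = [
    {"id": 1, "src": "0.0.0.0/0", "dst": "203.0.113.1/32", "ports": [443],
     "action": "allow", "interface": "wan", "reviewed": "2024-01-15"},
    {"id": 2, "src": "10.10.0.0/24", "dst": "203.0.113.1/32", "ports": [22],
     "action": "allow", "interface": "lan", "reviewed": "2024-01-15"},
    {"id": 3, "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "ports": [],
     "action": "allow", "interface": "wan", "reviewed": "2023-06-01"},
    {"id": 4, "src": "192.168.1.0/24", "dst": "203.0.113.1/32", "ports": [80, 23],
     "action": "allow", "interface": "lan", "reviewed": "2024-02-01"},
]


def _trusted(src: ipaddress.IPv4Network) -> bool:
    return any(src.subnet_of(net) for net in TRUSTED_ADMIN_NETS)


def lint_policy(p: dict, today: date) -> list[str]:
    """Return the checklist violations for one rule (empty list means clean)."""
    if p["action"] != "allow":
        return []                      # a broad deny rule is not a problem
    src = ipaddress.ip_network(p["src"])
    dst = ipaddress.ip_network(p["dst"])
    ports = set(p["ports"])
    findings = []
    # Firewall item 8: policies must be specific; 0.0.0.0 (any) is too broad.
    if src == ANY and dst == ANY:
        findings.append("any-to-any allow rule")
    if not ports:
        findings.append("no port restriction (all ports allowed)")
    # Management checks only apply to rules that reach the firewall itself.
    mgmt = (ports & MGMT_PORTS) if ports else MGMT_PORTS
    if dst.subnet_of(SELF) and mgmt:
        # Items 11/12: admin access only over HTTPS/SSH, never HTTP or telnet.
        plain = sorted(mgmt & set(PLAINTEXT_ADMIN))
        if plain:
            names = ", ".join(f"{n} ({PLAINTEXT_ADMIN[n]})" for n in plain)
            findings.append(f"plaintext admin service on port(s) {names}")
        # Item 14: logins only from trusted hosts.
        if not _trusted(src):
            findings.append(f"management port(s) allowed from untrusted source {src}")
        # Item 19: no management access from the Internet without a business need.
        if p["interface"] == "wan":
            findings.append("management reachable on the WAN interface")
    # Item 20: every policy reviewed at least every three months.
    reviewed = date.fromisoformat(p["reviewed"])
    if today - reviewed > REVIEW_INTERVAL:
        findings.append(f"review overdue (last reviewed {reviewed.isoformat()})")
    return findings


def lint_policies(policies: list[dict], today: date) -> dict[int, list[str]]:
    """Map each rule id to its list of findings."""
    return {p["id"]: lint_policy(p, today) for p in policies}


def audit_sample() -> dict[int, list[str]]:
    """Run the linter over the constructed ruleset as of a fixed date."""
    return lint_policies(SAMPLE_POLICIES, date(2024, 3, 1))


if __name__ == "__main__":
    for rid, issues in audit_sample().items():
        print(f"rule {rid}: " + ("OK" if not issues else "; ".join(issues)))
```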

For Network Switches

1. Check that the latest firmware is used.
2. Check the switch's user guide for security features and see whether the required ones have been implemented properly.
3. Create an enable secret password and encrypt passwords on the device.
4. Use an external AAA server for user authentication.
5. Create separate local accounts for user authentication and configure the maximum number of failed authentication attempts.
6. Restrict management access to the devices to specific IPs only.
7. Enable logging for monitoring, incident response and auditing. You can log to an internal buffer on the device or to an external log server.
8. Enable Network Time Protocol (NTP): you must have accurate and uniform clock settings on all network devices for log data to be stamped with the correct time and time zone. This helps tremendously in incident handling and proper log monitoring and correlation.
9. Restrict and secure SNMP access.

For Linux Servers

1. Update your package list and upgrade your OS.
2. Remove unnecessary packages.
3. Detect weak passwords with John the Ripper.
4. Verify that no accounts have empty passwords.
5. Set password rules.
6. Set password expiration in login.defs.
7. Disable USB devices (for headless servers).
8. Check which services are started at boot time.
9. Detect all world-writable files.
10. Configure iptables to block common attacks.
11. Set a GRUB boot loader password.
12. Disable interactive hotkey startup at boot.
13. Enable auditd to check for read/write events.
14. Secure any Apache servers.
15. Lock user accounts after failed attempts with Fail2Ban.
16. Set root permissions for core system files.
17. Keep watch for any users logging on under suspicious circumstances.
18. In case of remote access activity, make sure that suspicious activity is flagged and documented.
19. Make sure that the suspected account's privileges are temporarily frozen.
20. Make sure that there is a process in place for changing system configurations.
21. Check that all system configuration changes are being recorded.
22. Ensure start-up processes are configured correctly.
23. Ensure regular users cannot change the system startup configuration.
24. Remove unused software and services.
25. Review your server firewall security settings and make sure everything is properly configured.
26. Make sure that membership of both the admin and superadmin groups is restricted to as few users as possible without causing any problems.
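Items 4, 6 and 9 of the Linux list are the ones most often skipped because they look tedious by hand. The script below is an added example (not from the original post) that implements those three checks: it parses the standard /etc/shadow and /etc/login.defs formats and walks a directory tree for world-writable entries, skipping sticky-bit directories such as /tmp, which are world-writable by design. The shadow and login.defs contents are constructed samples with placeholder hashes; the 90-day maximum password age is an assumed policy value.

```python
"""Spot checks for Linux checklist items 4 (empty passwords), 6 (password aging)
and 9 (world-writable files)."""
import os
import stat
import tempfile

# Constructed /etc/shadow: 'svc' has an empty password field (passwordless login),
# 'daemon' and 'backup' are locked, the others have placeholder hashes.
SAMPLE_SHADOW = """\
root:$6$saltsalt$HASHPLACEHOLDER:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$othersalt$HASHPLACEHOLDER:19700:0:99999:7:::
svc::19700:0:99999:7:::
backup:!:19700:0:99999:7:::
"""

# Constructed /etc/login.defs excerpt with the common default of 99999 days.
SAMPLE_LOGIN_DEFS = """\
# Password aging controls
PASS_MAX_DAYS\t99999
PASS_MIN_DAYS\t0
PASS_WARN_AGE\t7
"""


def empty_password_accounts(shadow_text: str) -> list[str]:
    """Item 4: account names whose shadow password field is empty."""
    names = []
    for line in shadow_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] == "":
            names.append(fields[0])
    return names


def password_aging_issues(login_defs_text: str, max_days: int = 90,
                          warn_age: int = 7) -> list[str]:
    """Item 6: compare PASS_MAX_DAYS / PASS_WARN_AGE against an assumed policy."""
    values = {}
    for line in login_defs_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) == 2:
            values[parts[0]] = parts[1]
    issues = []
    pmd = int(values.get("PASS_MAX_DAYS", 99999))  # unset behaves like "never expires"
    if pmd > max_days:
        issues.append(f"PASS_MAX_DAYS is {pmd}, policy requires <= {max_days}")
    if int(values.get("PASS_WARN_AGE", 0)) < warn_age:
        issues.append(f"PASS_WARN_AGE below {warn_age} days")
    return issues


def world_writable(root: str) -> list[str]:
    """Item 9: paths under root writable by 'other'. Sticky-bit directories are the
    accepted exception; symlinks are skipped because their mode bits mean nothing."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode) or not st.st_mode & stat.S_IWOTH:
                continue
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
                continue
            found.append(os.path.relpath(path, root))
    return sorted(found)


def demo_world_writable() -> list[str]:
    """Build a constructed tree (one bad file in etc, a sticky tmp) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "tmp"))
        os.chmod(os.path.join(root, "etc"), 0o755)
        for rel, mode in [("etc/passwd", 0o644), ("etc/cron.sh", 0o666),
                          ("tmp/scratch", 0o666)]:
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("x\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "tmp"), 0o1777)   # sticky, like the real /tmp
        return world_writable(root)


if __name__ == "__main__":
    print("empty passwords:", empty_password_accounts(SAMPLE_SHADOW))
    print("aging issues:", password_aging_issues(SAMPLE_LOGIN_DEFS))
    print("world-writable:", demo_world_writable())
```

On a real host, feed `open("/etc/shadow").read()` (as root) and `open("/etc/login.defs").read()` to the first two functions and call `world_writable("/")`.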

For Windows Servers

1. Install the latest service packs and hotfixes from Microsoft.
2. Enable automatic notification of patch availability.
3. Set minimum password length.
4. Enable password complexity requirements.
5. Do not store passwords using reversible encryption. (Default)
6. Configure account lockout policy.
7. Restrict the ability to access this computer from the network to Administrators and Authenticated Users.
8. Do not grant any users the 'act as part of the operating system' right. (Default)
9. Restrict local logon access to Administrators.
10. Deny guest accounts the ability to log on as a service, as a batch job, locally or via RDP.
11. Place the warning banner in the message text for users attempting to log on.
12. Disallow users from creating and logging in with Microsoft accounts.
13. Disable the guest account. (Default)
14. Require Ctrl+Alt+Del for interactive logins. (Default)
15. Configure the machine inactivity limit to protect idle interactive sessions.
16. Require the "Classic" sharing and security model for local accounts. (Default)
17. Do not allow any shares to be accessed anonymously.
18. Restrict anonymous access to named pipes and shares. (Default)
19. Do not allow any named pipes to be accessed anonymously.
20. Do not allow Everyone permissions to apply to anonymous users. (Default)
21. Do not allow anonymous enumeration of SAM accounts and shares.
22. Do not allow anonymous enumeration of SAM accounts. (Default)
23. Disable anonymous SID/Name translation. (Default)
24. Configure Microsoft Network Server to digitally sign communications if the client agrees.
25. Configure Microsoft Network Server to always digitally sign communications.
26. Disable the sending of unencrypted passwords to third-party SMB servers.
27. Configure Microsoft Network Client to digitally sign communications if the server agrees. (Default)
28. Configure Microsoft Network Client to always digitally sign communications.
29. Allow Local System to use the computer identity for NTLM.
30. Disable Local System NULL session fallback.
31. Configure allowable encryption types for Kerberos.
32. Do not store LAN Manager hash values.
33. Set the LAN Manager authentication level to only allow NTLMv2 and refuse LM and NTLM.
34. Configure file system as well as registry permissions.
35. Ensure all volumes are using the NTFS file system.
36. Configure user rights to be as secure as possible: follow the principle of least privilege.
37. Disable or uninstall unused services.
38. Configure log shipping (e.g. to Splunk).
39. Configure Event Log retention method and size.
40. Configure the Policy Change audit policy and the Privilege Use audit policy.
41. Configure the Logon/Logoff audit policy.
42. Configure the Account Management audit policy.
43. Configure the number of previous logons to cache.
44. Require strong (Windows 7 or later) session keys.
45. Digitally encrypt or sign secure channel data (always). (Default)
46. Configure Windows Firewall to restrict remote access services (VNC, RDP, etc.) to the organization VPN or internal networks only.
47. Configure the Windows Firewall in all profiles to block inbound traffic by default. (Default)
48. Enable the Windows Firewall in all profiles (domain, private, public). (Default)
49. Update and enable anti-spyware and antivirus software through Windows Update.
50. Set the system date/time and configure it to synchronize against organization time servers.
51. Disallow remote registry access if not required.
52. If RDP is utilized, set the RDP connection encryption level to high.
53. Install software to check the integrity of critical operating system files.
54. Provide secure storage for Confidential (Category I) data as required. Security can be provided by means such as, but not limited to, encryption, access controls, file system audits, physically securing the storage media, or any combination thereof as deemed appropriate.
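Many of the Windows items above map to a single value in the local security policy, which `secedit /export /cfg C:\audit.inf` writes out as an INI-style file ([System Access] for password and lockout policy, [Registry Values] as `path=type,value` with type 4 meaning REG_DWORD). The auditor below is an added example, not code from the original post: it parses that format and checks items 3, 4, 5, 6, 21, 22, 25, 26, 32 and 33. The policy excerpt is constructed, and the minimum length of 14 and lockout threshold of 1 to 10 attempts are assumed thresholds where the checklist states none.

```python
"""Audit a `secedit /export` file against the Windows server checklist."""
import re

LSA = r"MACHINE\System\CurrentControlSet\Control\Lsa"
SRV = r"MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters"
WKS = r"MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters"

# Constructed secedit export excerpt (a real export is UTF-16; open it with
# encoding="utf-16"). Several values are deliberately weak.
SAMPLE_INF = r"""[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,3
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnablePlainTextPassword=4,0
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_inf(text: str) -> dict:
    """Split the export into {section: {key: raw_value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def sys_access(sections: dict, key: str):
    raw = sections.get("System Access", {}).get(key)
    return int(raw) if raw is not None and raw.lstrip("-").isdigit() else None


def reg_dword(sections: dict, key: str):
    """Registry Values entries are 'type,value'; only REG_DWORD (type 4) is numeric."""
    raw = sections.get("Registry Values", {}).get(key)
    if raw is None:
        return None
    rtype, _, value = raw.partition(",")
    return int(value) if rtype == "4" and value.isdigit() else None


def audit(text: str) -> list[str]:
    """Return one line per failed checklist item."""
    s = parse_inf(text)
    checks = [
        (3, "minimum password length >= 14", sys_access(s, "MinimumPasswordLength"),
         lambda v: v is not None and v >= 14),
        (4, "password complexity enabled", sys_access(s, "PasswordComplexity"),
         lambda v: v == 1),
        (5, "no reversible password storage", sys_access(s, "ClearTextPassword"),
         lambda v: v == 0),
        (6, "lockout threshold between 1 and 10", sys_access(s, "LockoutBadCount"),
         lambda v: v is not None and 1 <= v <= 10),
        (21, "anonymous enumeration of SAM and shares blocked",
         reg_dword(s, LSA + "\\RestrictAnonymous"), lambda v: v == 1),
        (22, "anonymous enumeration of SAM accounts blocked",
         reg_dword(s, LSA + "\\RestrictAnonymousSAM"), lambda v: v == 1),
        (25, "SMB server always signs", reg_dword(s, SRV + "\\RequireSecuritySignature"),
         lambda v: v == 1),
        (26, "no plaintext passwords to third-party SMB servers",
         reg_dword(s, WKS + "\\EnablePlainTextPassword"), lambda v: v == 0),
        (32, "LM hashes not stored", reg_dword(s, LSA + "\\NoLMHash"), lambda v: v == 1),
        (33, "NTLMv2 only, refuse LM and NTLM (LmCompatibilityLevel 5)",
         reg_dword(s, LSA + "\\LmCompatibilityLevel"), lambda v: v == 5),
    ]
    failures = []
    for item, desc, value, ok in checks:
        if not ok(value):
            failures.append(f"item {item}: {desc} (found {'not set' if value is None else value})")
    return failures


def failed_items(text: str) -> list[int]:
    """Checklist item numbers that fail, for quick comparison."""
    return [int(line.split(":")[0].split()[1]) for line in audit(text)]


if __name__ == "__main__":
    for line in audit(SAMPLE_INF):
        print(line)
```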