Desktop App Checklist.docx
- Document ID: 3721855
- Uploaded: 2022-11-24
- Format: DOCX
- Pages: 153
- Size: 480.21 KB
DESKTOP APPLICATION SECURITY CHECKLIST
Version 3, Release 1.2
27 July 2007
Developed by DISA for the DoD
SUMMARY OF CHANGES

Version 3.1.1, 28 March 2007
  All Sections: Updated for STIG Version Change 3.1
  Various Sections: Updated for new mobile code requirements
  Section 2.3.1: Updated for Symantec Version 10.x
  Section 2.3.2: Updated for McAfee Version 8.x
  Section 2.4.2: IE updated Java Permissions
  Section 2.7: Updated with indicator of when the check applies
  Section 2.8: Anti-Spyware – new section

Version 3.1.2, 27 July 2007
  DTAS017: Updated to add information for Version 10.x
  DTAS069: Updated to have correct value of the key
  DTAS040: Updated to add information for Version 10.x
DESKTOP APPLICATION CHECKLIST - SCRIPT CHECK PROCEDURES

This section of the Checklist provides the procedures to be used to conduct self-assessments and SRR reviews for the Desktop Application STIG requirements using the automated tools developed and maintained by DISA Field Security Operations (FSO). The reviewer uses the output of these scripts to analyze and document potential security vulnerabilities on the reviewed system.

1. Use Version 2.0 of the Gold Disk to conduct the review. Insert the CD and then double-click pgd.exe. This launches the Gold Disk, which evaluates what products are on the system being reviewed.

2. Upon successful completion of the initial scan, the lower right-hand pane identifies all the applications that are present on the machine. The Desktop review process includes the following products:

  Antivirus
    McAfee
    Symantec
  Browsers
    Netscape
    Internet Explorer
  Office Automation
    Word
    Excel
    Access
    FrontPage
    Outlook
    PowerPoint

There are also general checks, called Desktop Application General, that apply to all machines. A further group of checks, called Desktop Application – Remote, applies if the machine connects to a DoD network remotely (e.g., a laptop).

Upon execution of the startup GUI, click the Evaluate Asset button. The GUI is broken down into several branches. In order to perform a review, the reviewer must know which applications are part of the review (listed above). Only the applications actually installed on the machine will be evaluated. Note that all 'documentable' findings should be uploaded into VMS 6.0 in an Open status.

3. To create an XML file, select Reports, then VMS 6.x. A dialog box appears asking for a file name for the VMS import file.

4. Log on to VMS. If the asset is not registered, it will be added during the upload. If the asset exists, it will be updated with the results from the Gold Disk.

5. If a manual registration is done, the following items are of note:

6. Manual Registration:
You will find the appropriate selection criteria by selecting Computing, then selecting the yellow folder. Ensure that, in addition to the minimum required fields for VMS, the following fields are populated:

  Under the General tab:
    Host Name: enter manually
    Description: enter manually
    Ensure all required fields, which are designated with an *, are correct.
  Asset Identification:
    IP Address (ensure to click the Add button by the IP address window)
    MAC Address (ensure to click the Add button by the MAC window)
  Asset Posture:
    Under this tab expand Computing on the left, go down through each item, and select what is applicable to the system you are registering. Once you check a selection you must click the > and ensure it is added to the Selected box on the right.
    A Windows asset must also have a role assigned (workstation, member server, or domain controller). Please ensure that the correct role is assigned.
    Click the Save button; if this is not clicked you will lose your selections.
  Function:
    Select the asset function from the left window and click the > arrow to add it to the Selected window.
  Additional Information:
    Fill in the additional information as required.
    Ensure you click the Save button or you will lose the information; if this happens the asset will still be created and you can modify it at that time. Do not recreate the same asset.

Click the Save button to ensure all your work is saved. The asset is now registered with the required checks.

After successful registration, in addition to the 'expected' Windows checks, there will also be Desktop General checks and IE checks. This is expected. With VMS 6.0, these vulnerabilities from the Desktop STIG are shown on Windows assets.

7. Upload results into VMS by navigating to Asset Finding Maint.

An SA should choose Location, then click the blue XML arrow icon located to the right of 'Computing'. This prompts for the name of a file to be uploaded. This process registers the asset if it doesn't exist.

A reviewer should choose Visit, then click the blue XML arrow icon located to the right of 'Computing'. This prompts for the name of a file to be uploaded. This process registers the asset if it doesn't exist.

After upload, review the Enclave that the asset is tied to by navigating to the 'Systems/Enclaves' tab of the asset. Select the appropriate Enclave. If the enclave is not present, contact the IAM or team lead to determine whether the enclave has been requested. Click '>>', then click 'Save'.
DESKTOP APPLICATION CHECKLIST - MANUAL CHECK PROCEDURES

This section of the Checklist provides the procedures to be used to conduct a manual SRR for the Desktop Application STIG requirements. The results from the procedures documented in this section can be recorded on a copy of Section 2, SRR Result Report.

1.1 Tools Used

To conduct a manual review of compliance with the Desktop Application STIG requirements, it is necessary to use some tools that are provided with the Windows operating system. This section describes the individual tools and provides examples of the appearance of those tools.

Edit File Type Facility

The Edit File Type facility is used to manually verify Windows file type properties. This facility is accessed through the Windows NT Explorer application on Windows NT or the Windows Explorer application on Windows 2000.

On the Tools menu, select the Folder Options... item. On the Folder Options window, select the File Types tab. After selecting a file type, selecting the Edit... button on Windows NT or the Advanced button on Windows 2000 provides access to the file type properties.

The following examples show the appearance of the facility on Windows NT:

The following examples show the appearance of the facility on Windows 2000:

It should be noted that the Windows Folder Options window includes column headings that can be used to sort the entries by extension or file type.

File Version Checking

To manually check the version of a Windows file it is necessary to search for the file and to navigate to the file version information. This can be done through the "Search | For Files or Folders..." facility.

From the Windows Start menu, select the Search item. On the Search menu, select the For Files or Folders... item. After the file is found, right-click on the file name, select the Properties item, and select the Version tab. The following examples show the appearance of the facility on Windows:

Application Dialogs

This section provides examples of the dialog windows that are used in the manual application checks.

MS Outlook Dialogs

To manually check the Security Zone setting in Outlook, select the Options... item on the Tools menu. On the Options window, select the Security tab. The following example shows the appearance of the dialog:

To manually check the Attachment Security setting (if applicable) in Outlook 98 or 2000, select the Attachment Security... button on the Security tab shown above. The following example shows the appearance of the dialog:

MS Office Dialogs

To manually check the Macro Security Level setting in the 2000 and 2002 versions of Word, Excel, PowerPoint, and Outlook, start each application and select the Tools menu and its Macro item. On the Macro menu, select the Security... item. On the Security window, select the Security Level tab. The appearance of the Security Level tab is the same in all the applications. The following example shows the appearance of the dialog in Outlook 2000:

Windows Registry Editor

To manually check the values of some application options, it is necessary to use the Windows Registry Editor. It can be started using the regedt32.exe command at a Windows command prompt or from the Run... item on the Start menu. From the Options menu, select the Read Only Mode item to ensure that no updates are inadvertently made. The following example shows the appearance of the Registry Editor:

NOTE:
If a system is configured in accordance with the applicable NSA guidance for the installed Windows operating system, the Windows Registry Editor will be accessible only to users with administrator-level privilege. Therefore checks that require the use of the Windows Registry Editor will require that a privileged user sign on. To check user-specific (i.e., HKCU) keys, it may be necessary to use the Load Hive facility.

File and Directory Permission Checking

There are multiple ways to check file and directory permissions:

∙ On Windows NT systems, the DumpSec utility can be used. Details on the usage of DumpSec can be found in the section Using DumpSec in the Windows Security Checklist document.

∙ On Windows 2000 systems, the Microsoft Manag
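As an added example, not part of the DISA checklist, the PowerShell script below performs the manual checks described in this section (file type action lookup, file version lookup, read-only registry value retrieval including the Load Hive step for another user's HKCU keys, and file/directory ACL listing) from an administrative prompt. It assumes a current Windows host with PowerShell 5.1 or later, which the Windows NT/2000 systems the 2007 text targets did not have; the file paths, registry keys, value names and user profile path in it are placeholders chosen for illustration.

```powershell
# Added example: PowerShell equivalents of the manual-check tools above.
# This is not code from the DISA checklist. It assumes a current Windows host
# with PowerShell 5.1 or later (the NT/2000 systems the 2007 text targets had
# no PowerShell). Paths, key names, value names and account names are placeholders.
# Every function is read-only; nothing is written to the file system or registry.

function Get-FileTypeAction {
    # Edit File Type facility: resolve an extension to its ProgID and the
    # command run by its default "open" action (what the Advanced dialog edits).
    param([Parameter(Mandatory)][string]$Extension)   # e.g. '.vbs'
    $extKey = "Registry::HKEY_CLASSES_ROOT\$Extension"
    $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
    if (-not $progId) { return $null }   # extension not registered
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    [pscustomobject]@{
        Extension = $Extension
        ProgId    = $progId
        OpenWith  = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
    }
}

function Get-FileVersionInfo {
    # File Version Checking: the Version tab of the file's Properties dialog.
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    [pscustomobject]@{
        Path           = $item.FullName
        FileVersion    = $item.VersionInfo.FileVersion
        ProductVersion = $item.VersionInfo.ProductVersion
        ProductName    = $item.VersionInfo.ProductName
        LastWriteUtc   = $item.LastWriteTimeUtc
    }
}

function Get-RegistryCheckValue {
    # Windows Registry Editor in Read Only Mode: fetch one value. Returns $null
    # when the key or value is absent so "not configured" is distinguishable
    # from an explicit setting.
    param([Parameter(Mandatory)][string]$Key,    # e.g. 'HKLM:\SOFTWARE\Vendor\Product' (placeholder)
          [Parameter(Mandatory)][string]$Name)
    $props = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

function Invoke-WithLoadedUserHive {
    # Load Hive step from the NOTE: mount another user's NTUSER.DAT under
    # HKEY_USERS, run HKCU-style checks against it, then unload. Needs an
    # elevated prompt and a profile that is not currently logged on.
    param([Parameter(Mandatory)][string]$NtUserDat,   # e.g. 'C:\Users\alice\NTUSER.DAT' (placeholder)
          [Parameter(Mandatory)][scriptblock]$Check,  # called with the mounted root, e.g. 'HKU:\ReviewHive'
          [string]$Mount = 'ReviewHive')
    & reg.exe load "HKU\$Mount" $NtUserDat | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed for $NtUserDat" }
    try {
        if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
            New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
        }
        & $Check "HKU:\$Mount"
    }
    finally {
        [gc]::Collect()   # drop open key handles so the unload is not refused
        & reg.exe unload "HKU\$Mount" | Out-Null
    }
}

function Get-EffectiveAccess {
    # File and Directory Permission Checking: the ACEs DumpSec or the Security
    # tab would show, with Allow entries that grant write-type rights to broad
    # principals marked REVIEW for the reviewer's attention.
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        $rights = $ace.FileSystemRights.ToString()
        $broad  = $ace.IdentityReference.Value -in @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
        $write  = $rights -match 'Write|Modify|FullControl|Delete'
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $rights
            Type      = $ace.AccessControlType
            Inherited = $ace.IsInherited
            Flag      = if ($ace.AccessControlType -eq 'Allow' -and $broad -and $write) { 'REVIEW' } else { '' }
        }
    }
}

# Usage from an administrative PowerShell prompt (paths and keys are illustrative):
Get-FileTypeAction -Extension '.vbs'
Get-FileVersionInfo -Path "$env:SystemRoot\System32\ntdll.dll" | Format-List
Get-RegistryCheckValue -Key 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'ProductName'
Get-EffectiveAccess -Path "$env:ProgramFiles" | Where-Object Flag -eq 'REVIEW' | Format-Table -AutoSize
# Invoke-WithLoadedUserHive -NtUserDat 'C:\Users\alice\NTUSER.DAT' -Check {
#     param($Root) Get-RegistryCheckValue -Key "$Root\Software\Vendor\Product" -Name 'Setting'
# }
```

The hive helper uses reg.exe rather than the Registry Editor GUI so the mount and unmount are paired in a try/finally; an unload that fails because a key handle is still open leaves the profile unusable for its owner, which is why the finally block forces a collection before calling reg.exe unload.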