Windows
March 2013
Host Operating System Hardening Specification
Contents
1 Account Management, Authentication and Authorization
  1.1 Accounts
    1.1.1 SHG-Windows-01-01-01
    1.1.2 SHG-Windows-01-01-02
    1.1.3 SHG-Windows-01-01-03
  1.2 Passwords
    1.2.1 SHG-Windows-01-02-01
    1.2.2 SHG-Windows-01-02-02
  1.3 Authorization
    1.3.1 SHG-Windows-01-03-01
    1.3.2 SHG-Windows-01-03-02
    1.3.3 SHG-Windows-01-03-03
    1.3.4 SHG-Windows-01-03-04
    1.3.5 SHG-Windows-01-03-05
2 Log Configuration
    2.1.1 SHG-Windows-02-01-01
    2.1.2 SHG-Windows-02-01-02
3 Communication Protocols
  3.1 IP Protocol Security
    3.1.1 SHG-Windows-03-01-01
    3.1.2 SHG-Windows-03-01-02
    3.1.3 SHG-Windows-03-01-03
4 Other Device Security Requirements
  4.1 Screen Saver
    4.1.1 SHG-Windows-04-01-01
    4.1.2 SHG-Windows-04-01-02
  4.2 Shared Folders and Access Permissions
    4.2.1 SHG-Windows-04-02-01
    4.2.2 SHG-Windows-04-02-02
  4.3 Patch Management
    4.3.1 SHG-Windows-04-03-01
  4.4 Antivirus Management
    4.4.1 SHG-Windows-04-04-01
    4.4.2 SHG-Windows-04-04-02
  4.5 Windows Services
    4.5.1 SHG-Windows-04-05-01
    4.5.2 SHG-Windows-04-05-02
  4.6 Startup Items
    4.6.1 SHG-Windows-04-06-01
    4.6.2 SHG-Windows-04-06-02
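This document sets out the security configuration requirements for Windows operating systems, covering device account authentication, logging, protocols, patch upgrades, file system management and related areas, 26 items in total. It serves as guidance for security configuration audits and hardening operations.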
1 Account Management, Authentication and Authorization
1.1 Accounts
1.1.1 SHG-Windows-01-01-01
1.1.2 SHG-Windows-01-01-02
1.1.3 SHG-Windows-01-01-03
1.2 Passwords
1.2.1 SHG-Windows-01-02-01
1.2.2 SHG-Windows-01-02-02
1.3 Authorization
1.3.1 SHG-Windows-01-03-01
1.3.2 SHG-Windows-01-03-02
1.3.3 SHG-Windows-01-03-03
1.3.4 SHG-Windows-01-03-04
1.3.5 SHG-Windows-01-03-05
2 Log Configuration
2.1.1 SHG-Windows-02-01-01
2.1.2 SHG-Windows-02-01-02
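Name: Log recording policy settings

Purpose: Optimize system logging and prevent log overflow. Set the application log file size to at least 8192 KB, and set the log to "Overwrite events as needed" when the maximum log size is reached.

Impact: If the log size exceeds the system default setting, the system logs, application logs, security logs and other logs generated after the maximum is exceeded cannot be recorded normally.

Current system state: Go to "Control Panel -> Administrative Tools -> Event Viewer"; review and record the current settings of the "Application log", "System log" and "Security log".

Implementation steps:
1. Reference configuration procedure
Go to "Control Panel -> Administrative Tools -> Event Viewer", and under "Event Viewer (Local)":
- In the "Application log" properties, set the log size to no less than "8192KB" and set "Overwrite events as needed" for when the maximum log size is reached.
- In the "System log" properties, set the log size to no less than "8192KB" and set "Overwrite events as needed" for when the maximum log size is reached.
- In the "Security log" properties, set the log size to no less than "8192KB" and set "Overwrite events as needed" for when the maximum log size is reached.

Rollback plan: Restore the settings of the "Application log", "System log" and "Security log" to their pre-hardening configuration.

Verification criteria: Go to "Control Panel -> Administrative Tools -> Event Viewer", and under "Event Viewer (Local)" check whether the log size in each log's properties is set to no less than "8192KB" and whether "Overwrite events as needed" is set for when the maximum log size is reached.

Implementation risk: Low

Importance level: ★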
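
The record, harden and verify steps above can also be scripted. The following PowerShell is an added example, not part of the original specification; the function name Invoke-LogPolicyCheck and the backup file path are assumptions, and it must run in an elevated session.

```powershell
# Added example (not from the specification). Function name and backup path are hypothetical.
$MinBytes = 8192KB                                   # 8192 KB threshold from item SHG-Windows-02-01-02
$Logs     = 'Application', 'System', 'Security'

function Invoke-LogPolicyCheck {
    param(
        [switch]$Apply,                               # also harden non-compliant logs
        [string]$BackupPath = '.\eventlog-before.csv' # hypothetical file holding the rollback record
    )
    # "Current system state": read size and overflow behaviour of each log.
    $state = foreach ($name in $Logs) {
        $cfg = Get-WinEvent -ListLog $name
        [pscustomobject]@{
            LogName   = $name
            MaxSizeKB = [int]($cfg.MaximumSizeInBytes / 1KB)
            LogMode   = $cfg.LogMode                  # Circular = "Overwrite events as needed"
            Compliant = ($cfg.MaximumSizeInBytes -ge $MinBytes) -and
                        ($cfg.LogMode -eq 'Circular')
        }
    }
    if ($Apply) {
        # Save the pre-hardening values first so the rollback plan has something to restore.
        $state | Export-Csv -Path $BackupPath -NoTypeInformation
        foreach ($row in $state | Where-Object { -not $_.Compliant }) {
            $cfg = Get-WinEvent -ListLog $row.LogName
            # Only raise the size; a log already larger than 8192 KB is left at its size.
            if ($cfg.MaximumSizeInBytes -lt $MinBytes) { $cfg.MaximumSizeInBytes = $MinBytes }
            $cfg.LogMode = 'Circular'
            $cfg.SaveChanges()
        }
    }
    $state                                            # state as read before any change
}

# Audit only; add -Apply to harden, then run again without -Apply to verify.
Invoke-LogPolicyCheck | Format-Table -AutoSize
```

A log that reports LogMode Retain or AutoBackup fails the check even when its size is sufficient, because neither mode overwrites events as needed.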