[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 194688 Download | Alert*

The sudo command must be configured to prompt for the administrator user's password at least once in each newly opened Terminal window or remote login session, as this prevents a malicious user from taking advantage of an unlocked computer or an abandoned login session to bypass the normal password prompt requirement. Without the tty_tickets option, all open local and remote login sessions would b ...

Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank CDs mitigates this risk.

The operating system must initiate a session lock after a 15-minute period of inactivity. A screensaver must be enabled and set to require a password to unlock. The timeout should be set to fifteen minutes of inactivity. This mitigates the risk that a user might forget to manually lock the screen before stepping away from the computer. A session time-out lock is a temporary action taken when a use ...

Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for blank DVDs mitigates this risk.

The audit service must be configured to require a minimum percentage of free disk space in order to run. This ensures that audit will notify the administrator that action is required to free up more disk space for audit logs. When minfree is set to 25%, security personnel are notified immediately when the storage volume is 75% full and are able to plan for audit record storage capacity expansion.

The audit service should be configured to immediately print messages to the console or email administrator users when an auditing failure occurs. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without a real-time alert, security personnel may be unaware of an impending failure of the audit capability and system operatio ...

Bluetooth devices must not be allowed to wake the computer. If Bluetooth is not required, turn it off. If Bluetooth is necessary, disable allowing Bluetooth devices to wake the computer.

End users must not be able to override Gatekeeper settings. Gatekeeper must be configured with a configuration profile in order to prevent normal users from overriding its setting. If users are allowed to disable Gatekeeper or set it to a less restrictive setting, then it is possible that malware could be introduced into the system. Gatekeeper is a security feature that ensures that applications m ...

The permissions on a file establish which users and groups are permitted to access or modify it. An attacker may attempt to change the permissions on a file to prevent legitimate users from accessing it or to grant additional access to an account the attacker controls. Auditing successful and unsuccessful attempts to modify security objects such as file permissions mitigates this risk.

Frequently, an attacker that successfully gains access to a system has only gained access to an account with limited privileges, such as a guest account or a service account. The attacker must attempt to change to another user account with normal or elevated privileges in order to proceed. Auditing successful and unsuccessful attempts to elevate privileges mitigates this risk.


Pages:      Start    11591    11592    11593    11594    11595    11596    11597    11598    11599    11600    11601    11602    11603    11604    ..   19468

© SecPod Technologies