College of Chemistry - Information Systems - High Security

	Search Site Map Contact Us UC Berkeley

High Security

Back to
Windows Security Policy Outline

Action	Advantage	Disadvantages
Rename administrator account more	Makes it harder to guess username/password	Would make it more difficult to administer for CompSrv
Min. password length of 8 characters more	Harder passwords to guess	Would probably lead to more user password problems
Password Age of 45 days more	Frequent changes make password guessing more difficult	Would probably lead to more user password problems
Protect registry keys more	Restricts access to important registry keys from local users	Some programs may need access to keys to run
Enforce strong user passwords more	Would require at least 3 of following: uppercase, lowercase, numbers, punctuation	Would probably lead to more user password problems
Restrict boot process (via BIOS) more	Only authorized users could boot computer	Prevents normal restarts in event of power failure
Require logon to shutdown computer more	Only authorized users could shut the system down normally	Makes shutting down a longer process if not already logged in; encourages people to not shut down properly (only effective when computer can not be reset by switch)
Control access to removable media more	Allows sensitive data to be transferred to or from media without anything else being able to access it	Prevents programs from accessing floppies and CD-ROMs
Clean system page files on shutdown more	Destroys any sensitive information remaining from processor memory	Only works if shutdown is normal
Disable logon caching more	Prevents access to user credentials at local system	Requires working network/server to log in; causes logging in to take longer
SMB signing more	Mutual authentication limiting "man-in-the-middle" attacks	Slows CPU performance; all related systems must have SMB signing if required
Remove Server / Workstation from network browsing list more	Obscures computers existence	Makes system hard to find, when browsing network
Enhance Security Account Manager protections more	Encrypts SAM with 128bit encryption	Prevents administrator access to password derivatives
Disable use of LanManager password hash more	Limits/prevents sending of more vulnerable LM password hashes	Prevents access from Win95/98 clients
Enable security auditingof logons, file access, etc more	Logs security and system events	Requires monitoring

Back to..
Standard Security	High Security

»  overview
»  our staff
»  web services
»  telecommunication
»  research computing
»  policies
»  windows security
»  documents
»  desktop support
»  licensed software
»  campus resources

Search

Contact Webmaster
Website Design by HyperArts
Last Updated on January 23, 2008 10:22 AM