|Paid content will be excluded from the download.
| Matches : 81026
|The operating system must enforce a minimum 15-character password length. The minimum password length must be set to 15 characters. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password length is one factor of several that helps to determine strength and how long it takes to crack a password. The use of ...
Infrared [IR] kernel support must be disabled to prevent users from controlling the system with IR devices. By default, if IR is enabled, the system will accept IR control from any remote.
The default global umask setting must be set to '022' for system processes. The setting '022' ensures that system process created files and directories will only be readable by other users and processes, not writable. This mitigates the risk that unauthorized users might be able to write to files and directories created by system processes. A more restrictive setting could potentially break the no ...
Finder must be set to always empty Trash securely. Finder must be configured to always empty Trash securely in order to prevent data recovery tools from accessing the deleted files. Files emptied from the Trash by normal means are still present on the hard drive and can be recovered up until the moment the system overwrites that particular location on disk. A malicious user with physical access to ...
IP forwarding for IPv4 must not be enabled, unless the system is a router, as only authorized systems should be permitted to operate as routers.
The audit service should shut down the computer if it is unable to audit system events. Once audit failure occurs, user and system activity is no longer recorded and malicious activity could go undetected. Audit processing failures include: software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend u ...
The operating system must protect the confidentiality and integrity of all information at rest. FileVault Disk Encryption must be enabled. By encrypting the system hard drive, the confidentiality and integrity of any data stored on the system is ensured. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive and tape drive) within ...
Firewall logging must be enabled. This ensures that malicious network activity will be logged to the system. This requirement is NA if HBSS is used.
Secure virtual memory must be enabled. Secure virtual memory ensures that data in memory is encrypted when it is swapped to disk. This prevents users and applications from accessing potentially sensitive information, such as user names and passwords, from the swap space on the hard drive.
Automatic actions must be disabled for music CDs. Applications should not be configured to launch automatically when a disk is inserted. This potentially circumvents anti virus software and allows malicious users to craft disks that can exploit user applications. Disabling Automatic Actions for music CDs mitigates this risk.
Pages:      Start    1    2    3    4    5    6    7    8    9    10    11    12    13    14    ..   8102
© 2013 SecPod Technologies