Sre-SOAM-003：Windows系统安全基线.docx资源-CSDN文库

需积分: 5 194 浏览量 2024-09-16 11:09:32 上传评论收藏 35KB DOCX 举报

资源推荐

资源详情

资源评论

Sre 信息技术有限公司

Windows 系统安全基线

■文档编号

Sre-SOAM-003

■文档密级

内部使用级

■版本编号

v1.0

■发布日期

第一章账户号管理与授权.............................................................................................................................5

1.1 删除或锁定无用的账号 .................................................................................................................5

1.2 按用户角色分配不同权限.............................................................................................................5

1.3 口令复杂度检测 ...............................................................................................................................6

1.4 设置不能重复使用相同的口令....................................................................................................6

1.5 不使用系统默认用户名 .................................................................................................................7

1.6 口令有效期不长于 90 天 ...............................................................................................................7

1.7 设定连续认证失败次数 .................................................................................................................8

1.8 远端系统强制关机权限设置 ........................................................................................................8

1.9 关闭系统的权限设置......................................................................................................................9

1.10 取得文件或其他对象的所有权设置 ........................................................................................9

1.11 将从本地登录设置为指定授权用户......................................................................................10

1.12 将从网络访问设置为指定授权用户......................................................................................10

第二章日志配置.............................................................................................................................................11

2.1 审核策略设置 .................................................................................................................................11

2.2 日志查看器设置.............................................................................................................................12

第三章 IP 协议安全.......................................................................................................................................12

3.1 开启 TCP/IP 筛选 ..........................................................................................................................12

3.2 启用防火墙......................................................................................................................................13

3.3 启用 SYN 攻击保护 ........................................................................................................................14

第四章服务配置.............................................................................................................................................15

4.1 关闭不必要的服务 ........................................................................................................................15

4.2 关闭自动播放功能 ........................................................................................................................16

4.3 SNMP Community String 设置 ..................................................................................................17

4.4 关闭远程注册表.............................................................................................................................17

4.5 启用 NTP 服务 .................................................................................................................................18

4.6 关闭不必要的启动项....................................................................................................................18

4.7 审核 HOST 文件的可疑条目 ........................................................................................................19

4.8 存在未知或无用的应用程序......................................................................................................19

4.9 关闭默认共享 .................................................................................................................................20

4.10 非 everyone 授权共享...............................................................................................................20

4.11 删除匿名访问共享......................................................................................................................21

4.12 挂起会话前所需的空闲时间设置...........................................................................................21

第五章 Windows 更新.....................................................................................................................................22

5.1 禁用"关闭 Windows"对话框中显示"安装更新并关机”选项 .........................................22

5.2 自动更新配置 .................................................................................................................................22

5.3 重新计划自动更新计划的安装 .................................................................................................23

第六章 MSS 策略..............................................................................................................................................24

6.1 IP 源路由保护级别.......................................................................................................................24

6.2 为不同类型的网络传输配置 IPSec 免除 ...............................................................................24

6.3 自动登录 ..........................................................................................................................................25

6.4 是否允许 ICMP 包重定向来重载 OSPFh 合成路由 ...............................................................25