Staff Awareness and Individual Device Assessment
Summary
Purpose
Guiding Questions
Operational Security
Preparation
Outputs
Activities
References and resources for Staff Awareness and Individual Device Assessment
- Guidelines: "Guidelines on Firewalls and Firewall Policy" (NIST 800-41)
- Benchmarks: "Security Configuration Benchmarks" (CIS Security Benchmarks)
- Repository: "National Checklist Program" (NIST)
- Windows Utility: "HardenTools" (Security Without Borders)
- Guide: "How to Teach Humans to Remember Really Complex Passwords" (Wired)
- Video: "What’s wrong with your pa$$w0rd?" (TED)
- Article: "Password Security: Why the horse battery staple is not correct" (Diogo Mónica)
- Organization: "Passwords Research" (The CyLab Usable Privacy and Security Laboratory (CUPS))
- Guide: "Hacker Lexicon: What Is Password Hashing?" (Wired)
- Guide: "7 Password Experts on How to Lock Down Your Online Security" (Wired)
- Password Survey: "Encountering Stronger Password Requirements: User Attitudes and Behaviors" (CUPS)
- Identify what privileges services are running as
- Identify if the admin user is called admin or root
- Identify if users are logging in and installing software as admin.
- Checklist: "Firewall Configuration Checklist." (NetSPI)
- Identifying if a device is using encryption by OS
- Encryption availability by OS
- Encryption Guides
Device Assessment:
Password Security:
Privilege Separation Across OS:
Examining Firewalls Across OS:
Identifying Software Versions:
Device Encryption By OS:
Anti-Virus Updates:
Identifying Odd/One-Off Services: