User Device Assessment
Summary
Purpose
Guiding Questions
Operational Security
Preparation
Outputs
Activities
References and resources for User Device Assessment
-
Guidelines: "Guidelines on Firewalls and Firewall Policy" (NIST 800-41)
-
Benchmarks: "Security Configuration Benchmarks" (CIS Security Benchmarks)
-
Repository: "National Checklist Program Repository - Prose security checklists" (National Vulnerability Database)
-
Security Guidance: "Operating Systems Security Guidance" (NSA)
-
Windows Utility: "HardenTools" (Security Without Borders)
-
Guide: "How to Teach Humans to Remember Really Complex Passwords" (Wired)
-
Guide: "Security on Passwords and User Awareness" (HashTag Security)
-
Video: "What’s wrong with your pa$$w0rd?" (TED)
-
Article: "Password Security: Why the horse battery staple is not correct" (Diogo Mónica)
-
Organization: "Passwords Research" (The CyLab Usable Privacy and Security Laboratory (CUPS))
-
Guide: "Hacker Lexicon: What Is Password Hashing?" (Wired)
-
Guide: "7 Password Experts on How to Lock Down Your Online Security" (Wired)
-
Password Survery: [Encountering Stronger Password Requirements:
- identify what privileges services are running as
- identify is the admin user is called admin or root
- Identify if users are logging in and installing software as admin.
- Checklist: "Firewall Configuration Checklist." (NetSPI)
- Identifying if a device is using encryption by OS
- Encryption availablility by OS
- Encryption Guides
Device Assessment:
Password Security:
User Attitudes and Behaviors](https://cups.cs.cmu.edu/soups/2010/proceedings/a2_shay.pdf#page=14) (CUPS)
Privilege Separation Across OS:
Examining Firewalls Across OS:
Identifying Software Versions:
Device Encryption By OS:
Anti-Virus Updates:
Identifying Odd/One-Off Services: