The following items can be used as a quick checklist to begin designing your security audit documentation of servers. These checklists have many facets and are divided into subsections, such as Disaster Recovery, that can each be evaluated on their own.
These lists are designed for IT staff of small and medium businesses to help them quickly think of security items that should be reviewed when security audits (formal or informal) are performed.
The following list is a set of items that should be reviewed when creating a security audit of the server user accounts.
- Is the organizational password policy enforced on this server?
- Has the Administrator account been disabled and renamed?
- If no, is the password for the administrator account stored using split-custody procedures?
- If no, is the administrative account used for service accounts?
- Is the number of accounts that have administrative access to the server kept to a minimum?
- Is the number of accounts that are used as service accounts on this server kept to a minimum?
- When service accounts are used, does every service use a unique service account?
- Is the Guest account disabled?
- Have all unnecessary accounts been removed from the Administrators group?
- Do administrators use domain-controlled accounts for administration where possible?
- Has the organizational account lockout policy been enforced on this server?
- Is there an access request procedure in place for all new account creation and account modifications?
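
Several of the items above can be answered from the server itself. The following read-only script is an added example, not part of the original checklist. It assumes Windows PowerShell 5.1 or later with the `Microsoft.PowerShell.LocalAccounts` module, an elevated session on a member or standalone server, and English names for the built-in service identities.

```powershell
# Added example: read-only evidence collection for the account checklist.
# Assumptions: PowerShell 5.1+, elevated session, member or standalone server.

$users = Get-LocalUser

# Built-in accounts are matched by well-known RID (500 = Administrator, 501 = Guest),
# so a renamed account is still found.
$builtinAdmin = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$guest        = $users | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

# Members of the local Administrators group (well-known SID S-1-5-32-544).
# Enumeration can fail when the group holds an orphaned SID, so report that
# instead of silently returning an incomplete list.
try {
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
} catch {
    Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
    $admins = @()
}

# Services grouped by logon account; built-in identities (English names) excluded.
$builtinIdentities = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
$serviceAccounts = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartName -and $_.StartName -notin $builtinIdentities } |
    Group-Object -Property StartName

[pscustomobject]@{
    Server              = $env:COMPUTERNAME
    BuiltinAdminName    = $builtinAdmin.Name
    BuiltinAdminRenamed = $builtinAdmin.Name -ne 'Administrator'
    BuiltinAdminEnabled = $builtinAdmin.Enabled
    GuestEnabled        = $guest.Enabled
    LocalAdminCount     = $admins.Count
} | Format-List

'Administrators group members (review each for necessity):'
$admins | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

'Service accounts shared by more than one service:'
$serviceAccounts | Where-Object Count -gt 1 |
    Select-Object Name, Count, @{ n = 'Services'; e = { $_.Group.Name -join ', ' } } |
    Format-Table -AutoSize

'Password and lockout policy in effect (compare with the organizational policy):'
net accounts
```

The script only collects evidence. Items such as split-custody password storage and the access request procedure still have to be verified against the organization's documented process.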