What is the Security Benchmark Score? The Belarc Advisor has audited the security of your computer using a benchmark appropriate to your operating system. The result is a number between zero and ten that gives a measure of the vulnerability of your system to potential threats. The higher the number the less vulnerable your system.
Why are security benchmarks important for IT security? Many current threats are not stopped by perimeter security systems such as firewall and anti-virus systems. Setting and monitoring configurations based on consensus benchmarks is a critical step because this is a pro-active way to avoid many successful attacks. The U.S. National Security Agency has found that configuring computers with proper security settings blocks 90% of the existing threats ("Security Benchmarks: A Gold Standard." IA Newsletter, vol. 5 no. 3 Click here to view) To request a copy of our white paper, "Securing the Enterprise", click here.
What is the USGCB Benchmark? The United States Government Configuration Baseline (USGCB) is a US Government OMB-mandated security configuration for Windows 7 and Internet Explorer 8. Developed by DoD, with NIST assistance, the benchmark is the product of DoD consensus. Click here for details.
What are FDCC Benchmarks? The Federal Desktop Core Configuration (FDCC) is a US Government OMB-mandated security configuration for Windows Vista and XP. The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7.0. Microsoft's Vista Security Guide was produced through a collaborative effort with DISA, NSA, and NIST, reflecting the consensus recommended settings from DISA, NSA, and NIST. The Windows XP FDCC is based on US Air Force customization of the Specialized Security-Limited Functionality (SSLF) recommendations in NIST SP 800-68 and DoD customization of the recommendations in Microsoft's Security Guide for Internet Explorer 7.0. Click here for details.
How can you reduce your security vulnerability? The local group policy editor (accessed by running the gpedit.msc command) can be used to configure security settings for your computer. Windows home editions don't include that editor, but most security settings can also be made with registry entries instead. Warning: Applying these security settings may cause some applications to stop working correctly. Back up your system prior to applying these security templates or apply the templates on a test system first. For domain member computers, the benchmark configurations are available from the benchmark creator's web site as Microsoft Group Policy Object files that can be used with Active Directory. Follow the links above to the web site of your Benchmark's creator.
Security Benchmark Score Details
Computer Name: | dan-PC (in WORKGROUP) |
---|---|
Profile Date: | Sunday, March 24, 2019 9:29:27 AM |
Advisor Version: | 9.0 |
Windows Logon: | dan |
Score: | 0.63 of 10 (what's this?) |
---|---|
Benchmark: | USGCB - Windows 7, Version 2.0.5.1 |
= Fail
Account Lockout Policy Settings | Section Score: 0.63 of 0.63 | |||
---|---|---|---|---|
1. | Account Lockout Duration (CCE-9308) | |||
2. | Account Lockout Threshold (CCE-9136) | |||
3. | Reset Account Lockout Counter After (CCE-9400) |
Password Policy Settings | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Enforce Password History (CCE-8912) | |||
2. | Maximum Password Age (CCE-9193) | |||
3. | Minimum Password Age (CCE-9330) | |||
4. | Minimum Password Length (CCE-9357) | |||
5. | Password Complexity (CCE-9370) | |||
6. | Reversible Password Encryption (CCE-9260) |
System Services Settings | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Bluetooth Support Service (CCE-10661) | |||
2. | Fax Service (CCE-10150) | |||
3. | HomeGroup Listener (CCE-10543) | |||
4. | Homegroup Provider (CCE-9910) | |||
5. | Media Center Extender (CCE-10699) | |||
6. | Parental Controls Service (CCE-10311) |
Audit Policy Settings | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Computer Account Management (CCE-9498) | |||
2. | Other Account Management Events (CCE-9657) | |||
3. | Security Group Management (CCE-9692) | |||
4. | User Account Management (CCE-9542) | |||
5. | Process Creation (CCE-9562) | |||
6. | Logoff (CCE-8856) | |||
7. | Logon (CCE-9683) | |||
8. | Special Logon (CCE-9763) | |||
9. | File System (CCE-9217) | |||
10. | Registry (CCE-9737) | |||
11. | Audit Policy Change (CCE-10021) | |||
12. | Authentication Policy Change (CCE-9976) | |||
13. | Sensitive Privilege Use (CCE-9878) | |||
14. | IPsec Driver (CCE-9925) | |||
15. | Security State Change (CCE-9850) | |||
16. | Security System Extension (CCE-9863) | |||
17. | System Integrity (CCE-9520) |
Security Patches | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Security Patches Up-To-Date |
Windows Firewall with Advanced Security - Domain Profile | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Log Dropped Packets (CCE-10502) | |||
2. | Logged Successful Connections (CCE-10268) | |||
3. | Name (CCE-10022) | |||
4. | Size Limit (CCE-9747) | |||
5. | Display a Notification (CCE-9774) | |||
6. | Apply Local Connection Security Rules (CCE-9329) | |||
7. | Apply Local Firewall Rules (CCE-9686) | |||
8. | Allow Unicast Response (CCE-9069) | |||
9. | Firewall state (CCE-9465) | |||
10. | Inbound Connections (CCE-9620) | |||
11. | Outbound Connections (CCE-9509) |
Windows Firewall with Advanced Security - Private Profile | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Log Dropped Packets (CCE-10215) | |||
2. | Logged Successful Connections (CCE-10611) | |||
3. | Name (CCE-10386) | |||
4. | Size Limit (CCE-10250) | |||
5. | Display a Notification (CCE-8884) | |||
6. | Apply Local Connection Security Rules (CCE-9712) | |||
7. | Apply Local Firewall Rules (CCE-9663) | |||
8. | Allow Unicast Response (CCE-9522) | |||
9. | Firewall state (CCE-9739) | |||
10. | Inbound Connections (CCE-9694) | |||
11. | Outbound Connections (CCE-8870) |
Windows Firewall with Advanced Security - Public Profile | Section Score: 0.00 of 0.63 | |||
---|---|---|---|---|
1. | Log Dropped Packets (CCE-9749) | |||
2. | Logged Successful Connections (CCE-9753) | |||
3. | Name (CCE-9926) | |||
4. | Size Limit (CCE-10373) | |||
5. | Display a Notification (CCE-9742) | |||
6. | Apply Local Connection Security Rules (CCE-9817) | |||
7. | Apply Local Firewall Rules (CCE-9786) | |||
8. | Allow Unicast Response (CCE-9773) | |||
9. | Firewall state (CCE-9593) | |||
10. | Inbound Connections (CCE-9007) | |||
11. | Outbound Connections (CCE-9588) |