DISA requires renaming and disabling the guest account. I understand the logic: rename the account from the get-go, and then if you use it (not that I know anyone who does), it is not the default name. This is easily done with a GPO.
DISA has guidelines about seriously restricting access to the log files but makes no mention of encryption.

Robert

On Tue, May 10, 2011 at 11:19 PM, Sean Martin <seanmarti...@gmail.com> wrote:

> Thanks, everyone, for confirming I wasn't off base for thinking this was
> an unusual request. I should've known better because these are the same
> auditors that "preferred" we rename the domain guest account even though it
> is disabled. Just another line item to cross off their checklists I guess.
>
> - Sean
>
> On May 10, 2011, at 6:58 PM, Level 5 Lists <li...@levelfive.us> wrote:
>
> I have 2 clients that get audited by Trustwave annually onsite, and
> quarterly pen tests. In all the audits I have done with different auditors
> no one has requested us to do this. We do event log collection into an SQL
> database that is not encrypted. No one has also ever asked that we encrypt
> that database either.
>
> You can look for yourself on the PCI requirements checklist and see if this
> is mentioned anywhere. They are updated annually at least.
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* Tuesday, May 10, 2011 10:51 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Encrypting Event Logs
>
> Indeed! :)
>
> *ASB* (Professional Bio <http://about.me/Andrew.S.Baker/bio>)
> *Harnessing the Advantages of Technology for the SMB market...*
>
> On Tue, May 10, 2011 at 7:42 PM, Free, Bob <r...@pge.com> wrote:
>
> Yea, what you said. Another in a long line of totally clueless auditors….
>
> Sometimes I think their only goal in life is to come up with a finding that
> no one else ever has before..
>
> *From:* Michael B. Smith [mailto:mich...@smithcons.com]
> *Sent:* Tuesday, May 10, 2011 3:04 PM
> *To:* NT System Admin Issues
> *Subject:* RE: Encrypting Event Logs
>
> Tttthhhhbbbbbttttt.
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Sean Martin [mailto:seanmarti...@gmail.com]
> *Sent:* Tuesday, May 10, 2011 3:43 PM
> *To:* NT System Admin Issues
> *Subject:* Encrypting Event Logs
>
> Good morning/afternoon,
>
> My manager has requested I look for ways to "encrypt the event logs on our
> DCs". Apparently during one of our many audits (governing body to remain
> nameless) one of the auditors insisted that we should be encrypting the
> event logs on our DCs. I have since requested a formal finding be provided
> by the auditor indicating the perceived risks so that I can first identify
> if we have any mitigating controls already in place.
>
> With that, I thought I would start looking around for specific solutions.
> We're currently running Windows 2003 DCs in a Windows 2003 Native AD
> environment. I'm not finding a whole lot of solutions specific to encrypting
> "event logs". We are planning on introducing Windows 2008 R2 DCs this year
> so I will research BitLocker, but I'm concerned about the interoperability
> with Symantec SIM.
>
> I'm still working with very little information so I'm probably missing a
> lot of content. I guess I would just like to find out if anyone else has
> received similar directives from an audit and what solutions or mitigating
> controls helped satisfy the auditor's concerns.
>
> - Sean
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin