I think there are still some facilities that can make use of it, but it's probably there more for backwards compatibility at this point.
Easy enough to keep disabled. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Harnessing the Advantages of Technology for the SMB market... * On Wed, May 11, 2011 at 6:09 AM, James Rankin <kz2...@googlemail.com> wrote: > I think renaming of accounts is seriously outdated now, personally. The SID > can just as easily be used to identify the account anyway. I'm surprised MS > still maintain the "Guest" account - I've never known anyone use it, as you > say. > > > On 11 May 2011 11:05, Robert Cato <cato.rob...@gmail.com> wrote: > >> >> DISA requires renaming and disabling the guest account. I understand the >> logic, rename the account from the get-go and then if you use it (not that I >> know anyone that does), it is not the default name. This is easily done with >> a GPO. >> >> DISA has guidelines about seriously restricting access to the log files >> but makes no mention of encryption. >> >> Robert >> >> On Tue, May 10, 2011 at 11:19 PM, Sean Martin <seanmarti...@gmail.com>wrote: >> >>> Thanks, everyone, for confirming I wasn't off base for thinking this >>> was an unusual request. I should've known better because these are the same >>> auditors that "preferred" we rename the domain guest account even though it >>> is disabled. Just another line item to cross off their checklists I guess. >>> >>> - Sean >>> >>> >>> On May 10, 2011, at 6:58 PM, Level 5 Lists <li...@levelfive.us> wrote: >>> >>> I have 2 clients that get audited by trustwave annually onsite, and >>> quarterly pen tests. In all the audits I have done with different auditors >>> no one has requested us to do this. We do event log collection into an sql >>> database that is not encrypted. No one has also ever asked that we encrypt >>> that database either. >>> >>> >>> >>> You can look for yourself on the PCI requirements checklist and see if >>> this is mentioned anywhere. They are updated annually at least. >>> >>> >>> >>> *From:* Andrew S. Baker [mailto:asbz...@gmail.com] >>> *Sent:* Tuesday, May 10, 2011 10:51 PM >>> *To:* NT System Admin Issues >>> *Subject:* Re: Encrypting Event Logs >>> >>> >>> >>> Indeed! :) >>> >>> >>> >>> >>> *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) >>> *Harnessing the Advantages of Technology for the SMB market...** >>> * >>> * * >>> >>> >>> >>> On Tue, May 10, 2011 at 7:42 PM, Free, Bob < <r...@pge.com>r...@pge.com> >>> wrote: >>> >>> Yea, what you said. Another in a long line of totally clueless auditors…. >>> >>> >>> >>> Sometimes I think their only goal in life is to come up with a finding >>> that no one else ever has before.. >>> >>> >>> >>> *From:* Michael B. Smith [mailto: <mich...@smithcons.com> >>> mich...@smithcons.com] >>> *Sent:* Tuesday, May 10, 2011 3:04 PM >>> >>> >>> *To:* NT System Admin Issues >>> >>> *Subject:* RE: Encrypting Event Logs >>> >>> >>> >>> Tttthhhhbbbbbttttt. >>> >>> >>> >>> Regards, >>> >>> >>> >>> Michael B. Smith >>> >>> Consultant and Exchange MVP >>> >>> <http://theessentialexchange.com/>http://TheEssentialExchange.com<http://theessentialexchange.com/> >>> >>> >>> >>> *From:* Sean Martin [mailto: <seanmarti...@gmail.com> >>> seanmarti...@gmail.com] >>> *Sent:* Tuesday, May 10, 2011 3:43 PM >>> *To:* NT System Admin Issues >>> *Subject:* Encrypting Event Logs >>> >>> >>> >>> Good morning/afternoon, >>> >>> >>> >>> My manager has requested I look for ways to "encrypt the event logs on >>> our DCs". Apparently during one of our many audits (governing body to remain >>> nameless) one of the auditors insisted that we should be encrypting the >>> event logs on our DCs. I have since requested a formal finding be provided >>> by the auditor indicating the perceived risks so that I can first identify >>> if we have any mitigating controls already in place. >>> >>> >>> >>> With that, I thought I would start looking around for specific solutions. >>> We're currently running Windows 2003 DCs in a Windows 2003 Native AD >>> environment. I'm not finding a whole lot of solutions specific to encrypting >>> "event logs". We are planning on introducing Windows 2008 R2 DCs this year >>> so I will research bit locker, but, I'm concered about the inter-operability >>> with Symantec SIM. >>> >>> >>> >>> I'm still working with very little information so I'm probably missing a >>> lot of content. I guess I would just like to find out if anyone else has >>> received similiar directives from an audit and what solutions or mitigating >>> controls helped satisfy the auditor's concerns. >>> >>> >>> >>> - Sean >>> >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
