As part of developing Bandolier Security Audit Files for various control system components (see the full list here), we need to start with security audit files for the recommended OS security settings. These recommended settings are then modified as necessary for the SCADA or DCS to operate, and the ICS application security settings are added to the audit file as well.
In the case of Windows 7 and Windows 2008 Server, we followed the Microsoft security guidance and developed these files in-house because we couldn’t find any with the level of detail needed. We call these OS audit files the Bandolier Baselines, as they are what the Bandolier Security Audit Files are built from. They can be very useful for auditing and assessing how any server or workstation compares to the industry recommendations, and we use them frequently in our assessments.
Today we are updating the Bandolier Baseline for Windows Server 2008 R2. There are no new audit tests; this is a bug fix in a very detailed file. A number of security professionals are using these files and were kind enough to forward bug fix information. Most of the fixes fall into two categories:
- Text errors – Somehow we managed to make some typos, especially with extra spaces. For example, a policy value of “ Local Users” does not match the actual value of “Local Users” because the policy value in the audit file has a space before the L.
- Specific value rather than range – The best example is a password policy where the password length was 8 and now is 8 or greater. You may want to set a specific value for your organization, but Reid convinced me the Bandolier Baseline should have a range, minimum, or maximum for settings like these.
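Both bug classes can be caught before an audit file ships. The sketch below is an added example, not code from Bandolier: the check format, the check names, and the `passes` and `lint` helpers are hypothetical, and the exact-number rule is a heuristic that a reviewer confirms per setting.

```python
# Constructed check definitions in a hypothetical format (not Bandolier's own).
CHECKS = [
    {"name": "group-membership-check", "expect": " Local Users"},  # stray leading space
    {"name": "group-membership-fixed", "expect": "Local Users"},
    {"name": "min-password-length", "expect": 8},                  # exact value only
    {"name": "min-password-length-fixed", "expect": {"min": 8}},   # 8 or greater
]


def passes(expect, actual):
    """Compare an observed setting against an expected value or range."""
    if isinstance(expect, dict):
        # Range form: optional "min" and "max" bounds, both inclusive.
        low = expect.get("min", actual)
        high = expect.get("max", actual)
        return low <= actual <= high
    # Exact form: the comparison is literal, so " Local Users" != "Local Users".
    return expect == actual


def lint(checks):
    """Return (name, problem) pairs for the two bug classes listed above."""
    findings = []
    for check in checks:
        expect = check["expect"]
        if isinstance(expect, str) and expect != expect.strip():
            findings.append((check["name"], "expected text has leading or trailing whitespace"))
        elif isinstance(expect, int) and not isinstance(expect, bool):
            findings.append((check["name"], "exact number; consider a minimum or maximum"))
    return findings


if __name__ == "__main__":
    # A compliant host fails the padded text check and the exact-length check.
    print(passes(" Local Users", "Local Users"), passes(8, 12))
    for name, problem in lint(CHECKS):
        print(f"{name}: {problem}")
```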