Pre-audit checklist to ensure a smooth onsite audit
- Confirm all software (including Adobe, Java, etc.) is fully up to date on all devices, including servers. (You must download and install Nessus Professional; a 7-day trial version of Nessus Professional is available for a credentialed patch scan.)
- Remove all software that is rarely used on each device – old browsers such as Firefox are a common issue.
- For devices running macOS, please enable File Sharing. This option is in System Preferences --> Sharing.
- For devices running Windows 10, set the startup type of the Windows service "RemoteRegistry" to "Manual". This option is opened by typing "services" in the search bar on the Windows 10 home screen.
- Also for devices running Windows 10, the following registry value needs creating. The Registry Editor is opened by typing "regedit" in the search bar on the Windows 10 home screen.
  - Hive and key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
  - Right-click the System key, then select New --> DWORD (32-bit) Value (type REG_DWORD)
  - Value name: LocalAccountTokenFilterPolicy
  - Value data: 1 (decimal)
- Ensure all devices, including laptops, have up-to-date AV engines and signature files – preferably managed through an enterprise management dashboard app.
- Ensure all executable attachments are prevented from being delivered to the email client.
- Ensure the AV plugin for each browser in use has been activated and updated.
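As an added example (not part of the original checklist), the following PowerShell applies the two Windows 10 preparation steps above (RemoteRegistry startup type and the LocalAccountTokenFilterPolicy value), checks them, and records the previous state so both can be reverted once the audit is over. The state-file location is an assumption; run it from an elevated PowerShell 5.1 prompt.

```powershell
# Added example, not from the original checklist: applies, checks and later reverts the
# two Windows 10 preparation steps. Run from an elevated PowerShell (5.1) prompt.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ValueName = 'LocalAccountTokenFilterPolicy'
# Assumed location for the saved pre-audit state (not specified by the checklist)
$StatePath = Join-Path $env:ProgramData 'pre-audit-state.json'

function Save-PreAuditState {
    # Record the current service start type and registry value (null if absent)
    $current = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RemoteRegistryStartType = (Get-Service -Name RemoteRegistry).StartType.ToString()
        TokenFilterPolicy       = if ($current) { $current.$ValueName } else { $null }
    } | ConvertTo-Json | Set-Content -Path $StatePath
}

function Enable-PreAuditSettings {
    Save-PreAuditState
    # Step 1: RemoteRegistry must be startable (Manual) for the credentialed scan
    Set-Service -Name RemoteRegistry -StartupType Manual
    # Step 2: create the DWORD value LocalAccountTokenFilterPolicy = 1
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-PreAuditSettings {
    # Returns an object whose Ready field is $true when both steps are in place
    $startType = (Get-Service -Name RemoteRegistry).StartType
    $value = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    [pscustomobject]@{
        RemoteRegistryStartType = $startType
        TokenFilterPolicy       = $value
        Ready                   = ($startType -ne 'Disabled') -and ($value -eq 1)
    }
}

function Restore-PreAuditState {
    # Put both settings back exactly as they were before Enable-PreAuditSettings ran
    $state = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    Set-Service -Name RemoteRegistry -StartupType $state.RemoteRegistryStartType
    if ($null -eq $state.TokenFilterPolicy) {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $state.TokenFilterPolicy
    }
}

Enable-PreAuditSettings
Test-PreAuditSettings
```

Setting LocalAccountTokenFilterPolicy to 1 removes the UAC remote token filter for local administrator accounts, so call Restore-PreAuditState on each device once the scans are complete.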
The auditor will ask you to provide the following:
- Domain administrator level access. Either create a new admin account for the audit process, or ensure someone with admin level is present during the audit.
- A list of all devices (firewalls, servers, PCs, laptops, workstations, tablets and mobile phones) that are in scope, with details of their current operating system. Please note that if Windows 10 is in use, a registry edit will be required for these devices to allow the scans to run. I will provide further details on this at a later date if applicable.
- A full user listing with details of who will be present on the day of the assessment; please include email addresses.
- A consent form will be required prior to starting the onsite test and this will be prepared once the visit dates have been agreed.
The testing process includes the following tests:
- Confirmation of the devices to be tested
- Scanning of devices to identify vulnerabilities using Nessus Professional scanning software – requires details of the admin credentials for each device
- Observing and gathering evidence (screenshots) of how devices process emails with test attachments – access to user device required
- Observing and gathering evidence of how devices handle downloads of file attachments from our test websites – access to user device required
- Checking the installation and configuration of anti-virus software