Back to Basics Quiz -- Redmondmag.com

Back to Basics Quiz

Are you the master of your Windows domain?

By Doug Barney and Michael Desmond
08/01/2006

You may be a genius with AD, a master crafter of applications and a conqueror of collaboration. In all the excitement, though, you may be forgetting something. With so many products, technologies and outright threats to wrestle with, it can be easy even for seasoned IT pros to forget the fundamentals.

So put down the plan for that big Web 2.0 project for a minute, and take a moment to make sure you've covered all your IT bases with this quick quiz.

Backup and Recovery

Do you perform regular data backups?

Yes [5 points]
No [0 points]

Does your backup strategy involve off-site tape rotation for disaster recovery purposes?

Yes [5 points]
No [0 points]

If Yes, is the off-site location far enough away that it won't be hit by a region-wide disaster?

Yes [5 points]
No [0 points]

Do you incorporate special, additionally scheduled backups for archival purposes?

Yes [5 points]
No [0 points]

Do you perform periodic restores to verify backup data? If so, how often?

Never [0 points]
Monthly [5 points]
Quarterly [4 points]
Bi-annually [3 points]
Annually [1 points]

Do you have an information lifecycle management (ILM) strategy that includes offsite backup for disaster recovery?

Yes [5 points]
No [0 points]

Does your backup strategy extend to remote offices?

Yes [5 points]
No [0 points]

Password Policy

Do you require complex passwords with a mix of numbers and symbols?

Yes [5 points]
No [0 points]

If not, do you require passphrases of greater than 15 characters that include spaces?

Yes [5 points]
No [0 points]

Do you specify a minimum number of characters for passwords? If so, how many?

No minimum [0 points]
4-6 [2 points]
7-13 [3 points]
14 or more [5 points]

Do you require end users to change their passwords?

Never [0 points]
Every month [5 points]
Every two months [4 points]
Once a year [2 points]

If so, does this password change policy also affect Unix users?

Yes [5 points]
No [0 points]

Have you presented user training on information security, social hacking, and the importance of strong passwords and protection of data?

Yes [5 points]
No [0 points]

Have you hired a professional security company to perform a security assessment involving penetration testing?

Yes [5 points]
No [0 points]

If Yes, have you incorporated the suggestions of that testing into your operations?

Yes [5 points]
No [0 points]

Do you incorporate policies that enforce screen saver locks when users walk away from their machines?

Yes [5 points]
No [0 points]

Malware Management

What rights level do most of your end-users operate at?

Administrator [0 points]
Power User [3 points]
Limited Rights [5 points]

Have you implemented a plan to adopt least- privileged user rights?

Yes [5 points]
No [0 points]

Have you deployed anti-virus software across the enterprise? What platforms have you deployed to?

Not deployed [0 points]
Clients only [2 points]
Clients and servers [3 points]
Clients, servers, and gateways [5 points]

How often are virus signatures updated?

Hourly [5 points]
Daily [4 points]
2-3 times per week [3 points]
Weekly [2 points]
Monthly [1 points]
Not updated regularly [0 points]

Have you deployed anti-spyware software?

Yes [5 points]
No [0 points]

Do you have a proven ability to remove spyware if machines are infected?

Yes [5 points]
No [0 points]

Does anti-virus and anti-spyware protection extend to company laptops not regularly attached to the network?

Yes [5 points]
No [0 points]

Do you employ a spam filter?

Yes [5 points]
No [0 points]

Have you secured both your externally facing and internal SMTP servers against unauthenticated relay?

Yes [5 points]
No [0 points]

Are users trained in how to minimize spam (such as do not reply)?

Yes [5 points]
No [0 points]

Is your company in compliance with the Can-Spam Act?

Yes [5 points]
No [0 points]

License Management

Are you comfortable that you are in compliance with software licensing?

Yes [5 points]
No [0 points]

Have you deployed an asset management system that automatically inventories machines for licensed software?

Yes [5 points]
No [0 points]

Do you have proof of ownership of all your software licenses?

Yes [5 points]
No [0 points]

Vendor Management

Do you have rules for buying from a startup?

Yes [5 points]
No [0 points]

Do you look at the finances of smaller vendors you buy from?

Yes [5 points]
No [0 points]

Do you require source code in escrow from less secure vendors?

Yes [5 points]
No [0 points]

Do you make sure that mission critical tools are only bought from financially secure vendors?

Yes [5 points]
No [0 points]

Does your IT team have a plan to either support a product if the vendor goes under or a plan to switch to another tool?

Yes [5 points]
No [0 points]

Online Application Management

Do you prohibit or manage public network IM traffic and clients on your network?

Yes [5 points]
No [0 points]

Do you monitor and/or filter IM traffic?

Yes [5 points]
No [0 points]

Do you have a way of controlling what IM clients are installed on local machines?

Yes [5 points]
No [0 points]

Do you prohibit or manage remote access applications like VNC or GoToMyPC on your network?

Yes [5 points]
No [0 points]

Do you prohibit or manage peer-to-peer on your network?

Yes [5 points]
No [0 points]

Do you have a standard for peer-to-peer?

Yes [5 points]
No [0 points]

Do you have a way of controlling what is installed?

Yes [5 points]
No [0 points]

Active Directory

Does your backup solution include backups of your Active Directory database?

Yes [5 points]
No [0 points]

Do you have a plan in place for an AD restore in case of a lost object, domain controller, domain or forest?

Yes [5 points]
No [0 points]

Have you appropriately locked down Domain Administrator rights to as few people as possible?

Yes [5 points]
No [0 points]

Do you have a policy to ensure your Schema Admins and Enterprise Admins group remains empty of users until they require access for a particular purpose (least privileged policy)?

Yes [5 points]
No [0 points]

Management and Monitoring

Do you incorporate automated systems management in your network (like Altiris or SMS) that includes an inventory function?

Yes [5 points]
No [0 points]

Do you have a monitoring solution in your network that incorporates pager or phone notification when systems go down or hard drives die?

Yes [5 points]
No [0 points]

Is your monitoring system tuned to eliminate or reduce false positives and false negatives?

Yes [5 points]
No [0 points]

Do you have a policy in place such that system administrators know what to do when a page occurs?

Yes [5 points]
No [0 points]

Do you have an out-of-band notification system for your employees to notify them of issues when the e-mail system is down?

Yes [5 points]
No [0 points]

General Security

When was the last time you performed a risk/security assessment?

Less than one year ago [5 points]
One to two years ago [3 points]
Two to four years ago [2 points]
More than four years ago [1 points]
Never [0 points]

Do you have a security policy? Is it documented and are end users aware of points relevant to them such as acceptable use?

Yes [5 points]
No [0 points]

Do you have a patch management policy?

Yes [5 points]
No [0 points]

Does your patch management policy include provisions for laptops not necessarily attached to your network or users' home machines attached to work via VPN?

Yes [5 points]
No [0 points]

Are your wireless networks protected with strong encryption?

Yes [5 points]
No [0 points]
Do not use wireless networks [5 points]

Do you get Microsoft Security Bulletins as soon as they appear?

Yes [5 points]
No [0 points]

Does your patch management policy include service level agreements including metrics for time-to-patch and compliance percentage?

Yes [5 points]
No [0 points]

Do you have a short-cut path for highly critical patches in your process?

Yes [5 points]
No [0 points]

Do you have IDS/IPS to augment your firewalls?

Yes [5 points]
No [0 points]

Do you have an action plan in place to handle extended emergencies?

Yes [5 points]
No [0 points]

How Good Are You?

Add up your score and see where you fall:

[305 to 241]
Domain Controller: You've mastered your domain and you're ready to take on new challenges. Do you have your eye on the CIO's office?
[240 to 181]
Human Firewall: Your network is in good hands. Security is solid and operations are efficient, but there's always room for some fine-tuning.
[180 to 121]
Tech Plugger: You've made a fair showing, but your techniques and tactics need improvement.
[120 to 61]
Security Slacker: You had better pick it up or you're going to get picked off. Your network is low hanging fruit for hackers.
[60 to zero]
IT Idiot: You need to find another line of work -- please.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.