Appendix B: Testing the Windows XP Security Guide
Updated: April 13, 2006 IntroductionThe function of the Windows XP Security Guide is to provide proven and repeatable configuration guidance to secure computers that run Microsoft® Windows® XP Professional with Service Pack 2 (SP2) in a variety of environments. The Windows XP Security Guide was tested in a lab environment to ensure that the guidance works as expected. The documentation was checked for consistency and all recommended procedures were tested by the Windows XP Security Guide test team. Tests were performed to verify functionality, but also to help users of the guidance to reduce the amount of resources that are needed to build and test their own implementations of the solution. ScopeThe Windows XP Security Guide was tested in a lab environment for two different security environments—Enterprise Client (EC) and Specialized Security – Limited Functionality (SSLF). These environments are described in Chapter 2, "Configuring the Active Directory Domain Infrastructure." Tests were conducted based on the criteria that are described in the following "Test Objectives" section. A vulnerability assessment of the test lab environment that was used to secure the Windows XP Security Guide solution was out of scope for the test team. Penetration testing was performed by partners. Test ObjectivesThe Windows XP Security Guide test team was guided by the following test objectives:
Finally, the guidance should be repeatable and reliably usable by a Microsoft Certified Systems Engineer (MSCE) with two years of experience. Test EnvironmentThe test environment consisted of a Windows Server 2003 SP1 Active Directory® directory service, computers for infrastructure server roles that provided domain controller, DNS, and DHCP services, and other computers for application server roles that provided file, print, Web, CA, and Microsoft Exchange 2003 e-mail services. The desktop and laptop client computers in the domain used Windows XP Professional with SP2. The network also contained two client computers that used Windows XP Professional with SP2 in workgroup mode that were used to test stand-alone security templates. Laptop computers in the domain network were reused to test stand-alone laptop security templates. The following figure illustrates the test network. Figure B.1 The network that was used to test the Windows XP Security Guide in domain and stand-alone mode See full-sized image
The network in the following figure was developed to test the legacy templates that are included with this guide. Figure B.2 The network that was used to test the legacy security templates that are included with this guide See full-sized image
Testing MethodologyThis section describes the procedures that were followed to test the Windows XP Security Guide. The test team established a lab that incorporated the networks that are illustrated in the previous section. The test team executed a quick proof of concept (POC) test pass and then two more robust test cycles. During each pass the team strove to stabilize the solution. A test cycle was defined as a sequence of the following two incremental build phases:
The details of each phase are provided in the following "Phases in a Test Pass" section. The "Test Preparation Phase" section describes the steps that were performed to ensure that the lab environment was free of any issues that could cause a misinterpretation of the actual test results after both of the environment scenarios were hardened through the two incremental build phases. In each test pass, different sets of test cases were executed. These tests are explained in the "Types of Tests" section later in this appendix. Phases in a Test PassThis solution was tested in the phases that are described in the following subsections. Any critical issues that were found in a build phase were raised as bugs and resolved in that phase before the test team moved to the next incremental phase. This method ensured that critical issues were resolved quickly. It also minimized the need for resources that would be needed to debug issues that were found in later phases. Test Preparation PhaseThis phase set up the baseline network to which the solution was applied. It consisted of the following steps. To perform the test preparation phase
Manual Configuration PhaseThis phase is often the first security build phase. It consists of the following build procedure. To perform the manual configuration phase
Group/Local Policy Configuration PhaseIn this phase, the Group Policy objects (GPOs) are applied at the domain and organizational unit (OU) levels. GPOs are applied to the different OUs based on the recommendations in Chapter 2, "Configuring the Active Directory Domain Infrastructure." For stand-alone Windows XP client computers, local policy is configured. This phase consists of the following steps. To perform the Group/Local Policy configuration phase
Test Execution DetailsChapters 2 through 6 of the Windows XP Security Guide provide instructions for applying the security recommendations to the domain, Windows XP desktop computers, Windows XP laptop computers, and Windows XP stand-alone client computers for the Enterprise Client (EC) and Specialized Security – Limited Functionality (SSLF) environments that are defined in the guide. These recommendations are accompanied by a Microsoft Excel® workbook, security templates, Administrative Templates and automated scripts. The automated scripts are used to import templates into the local GPO on the secure stand-alone client computers. This section explains how the recommendations were implemented and tested. Chapter 2: Configuring the Active Directory Domain InfrastructureComplete the following procedures to test this chapter. To verify the baseline network
To start the manual configuration phase
To implement the OU structure configuration
Chapter 3: Security Settings for Windows XP ClientsThis chapter describes the primary settings that are configured through Group Policy in a Windows Server 2003 domain. The chapter prescribes policy settings for the two defined security environments to ensure that Windows XP with SP2 desktops and laptops are secure. To configure the security template settings
Chapter 4: Administrative Templates for Windows XPThis chapter describes how to configure and apply additional policy settings on computers that run Microsoft Windows XP with SP2 by using Administrative Templates. To configure the Administrative Template settings
Chapter 5: Securing Stand-Alone Windows XP ClientsThis chapter describes the primary policy settings that are set through local computer policy. The prescribed setting values will help ensure that stand-alone desktops and laptops in the organization that run Windows XP with SP2 are secure. To configure security settings on stand-alone Windows XP clients
Chapter 6: Software Restriction Policy for Windows XP ClientsThis chapter allows administrators to identify and control the software that runs in their domain. The tool that is used to accomplish this control is a policy-driven mechanism called software restriction policy. To configure software restriction policy
Verifying Group Policy Download on the XP ClientIn the previous sections, GPOs were applied to OUs, which then applied the GPOs to the computers in the OUs. Complete the following steps to confirm the successful download of Group Policy from the domain controller to a Windows XP client computer. It is assumed that the client computer was restarted after the GPO was linked to the OU. To verify Group Policy download on a Windows XP client computer
Types of TestsThe test team performed the following types of tests during the testing phases to ensure that the secured Windows XP client computers are able to perform basic tasks without significant loss of functionality. You may want to refer to the Excel workbook "Windows XP Security Guide Test Cases.xls," which is in the \Windows XP Security Guide Tools and Templates\Test Tools folder that is included in the download for this guide. This workbook file contains the complete list of test cases that were executed for domain–based XP client computers and stand-alone XP client computers, as well as details such as test scenarios, execution steps, and expected results. Application TestsThese tests check whether user applications that are installed on the Windows XP client computers (such as the Office 2003 application suite, Windows Media® Player, and a few more) work properly. For more details about the test cases, refer to the Microsoft Excel workbook Windows XP Security Guide Test Cases.xls that is included with this guide. Automated Script TestsSome of the test case scenarios were scripted in VBScript. These test cases are primarily concerned with proper functionality of Windows XP client computers that use network–based services, such as domain logon, password change, and print server access. The VBScript files for these test cases are available in the \Windows XP Security Guide Tools and Templates\Test Tools folder that is included in the download for this guide. Basic Verification TestsThese test cases are a subset of the Application, Automated Script and Internet tests. They are basic tests that cover a variety of different scenarios, such as the ability to run applications that are installed on the client, client-server communication tests, the ability to access the Internet and download patches, and tests that monitor errors on the host. These test cases are also executed when you establish a baseline for the network during the Test Preparation phase. Documentation Build TestsThese tests validate that the statements, procedures, and functions that are documented in the implementation guidance are accurate, unambiguous, and complete. No separate test cases are listed for these tests. Functional TestsThese tests are designed to verify that the system that was built from the build guidance works correctly and as expected. They verify the functionality, health, and effect of the build procedures on the desktop and laptop client computers. Internet–Based TestsToday's computer users typically need to access the Internet. These test cases ensure that some of the common day-to-day capabilities (browse to Web sites, use the Windows Messenger service, and download critical updates from the Microsoft Update site) are not affected by the lockdown of the Windows XP client computer. Pass and Fail CriteriaBefore tests were performed, the following criteria were defined to ensure defect prevention and bug resolution:
Release CriteriaThe primary release criterion for the Windows XP Security Guide was related to the severity of bugs that were still open. However, other issues that were not being tracked through bugs were also discussed. The criteria for release are:
Bug ClassificationThe bug severity scale is described in the following table. The scale is from 1 to 4, with 1 as the highest severity and 4 as the lowest severity. Table B.1 Bug Severity Classification
SummaryThis document enables an organization that implements the Windows XP Security Guide to understand the procedures and steps that were used to test the implementation of the solution in a test lab environment. The actual experience of the Windows XP Security Guide test team is captured in this document, which includes descriptions of the test environment, types of tests, the release criteria, and bug classification details. All of the test cases that were executed by the test team passed with the expected results. The test team confirmed that the requisite functionality was available after the recommendations from the Windows XP Security Guide for the defined environments were applied. |
|