Nerdio Help Center

What is Secure score? How do I view "Secure score" for my account?


Applies to: All Nerdio for Azure (NFA) Enterprise and all Nerdio Private Cloud (NPC) customers


Secure score is Nerdio’s way of helping you secure your IT resources and environment by improving your security posture. Nerdio analyzes your account’s security based on your regular activities and security settings and assigns a numerical value referred to as “Secure score” to your account. This score helps you proactively uncover security vulnerabilities so that you can avert serious threats and secure your organization’s digital footprint.

NERDIO SUPERHERO TIP
The “Secure score” is a measure of where you stand currently in terms of security and what needs to be done to achieve your security targets. Nerdio has come up with a set of best practices to secure their accounts, and "Secure score" is an accumulation of these points in comparison to a maximum score.

Secure Score is not an absolute measure of how likely you are to get breached. It only expresses the extent to which you have adopted security best practices, which minimize the risk of being breached.

Who can view an account's "Secure score"?

Only an IT admin has permission to access the Secure Score. Users who aren't assigned an admin role won't be able to access “Secure Score”. However, admins can print and share “Secure score” reports with others in their organization and take necessary actions.

How do I view Secure score for my account?

If you are an NPC or an NFA user, log in to Nerdio Admin Portal (NAP) with your login credentials and follow the steps below to view your secure score. NPC and NFA partner admins can also view their accounts' "Secure score" in the same way, with a slightly different user interface (UI).

On the Home page, from the main menu, click the Security option as shown below:

login_to_NPA.png

Expand the Security drop-down and click the Security Score option as shown below:

Secure_score_option.png

You will be redirected to the Secure score page. The Secure Score page is divided into three sections as shown below:

  • Nerdio Secure Score
  • Score breakdown
  • Score History 

 

Secure_score_feature.gif

Let us explore each section.


Secure Score

This section displays your secure score and a breakdown based on the health of your Nerdio resources (Desktops, Servers, Office 365, Network and Data) as shown below:

 

Secure_score_screen.png

 

Note: You can determine the status of your account's security by looking at the icon next to the score (refer to the screenshot above). The following table shows the meaning of each icon:

Icon | Secure score
Green checkmark | 75% or more
Yellow warning | 50% to 75%
Red stop | less than 50%

Your account's secure score should be at least 50%. The score shown on the screen above is based on the health of your Nerdio resources, captured as of Oct 29, 2018, 11:33 PM CT. You can click the Refresh button (refer to the screen above) if you want to see the updated secure score at any time.

Score breakdown

This section consists of the rules or various factors which contribute to the overall health of your account as shown below:

Score_breakdown.png

Note: The individual score for each rule is also color coded:

  • A score in green indicates your account settings are "OK" or "enabled" for the given rule.
  • A score in red indicates your account settings are "NOT OK" or "disabled" for the given rule and that you need to take some action to increase your rating. Refer to the table below for more details.

Your account’s secure score is calculated based on the following standard rules. Each entry lists the rule, its significance, and its score:

Two-factor authentication (Windows) account setting is enabled

Nerdio safeguards access to your desktop data and applications with an extra layer of authentication, via a dynamic passcode sent to your registered mobile number, in addition to your login credentials.

x out of 5. If setting is enabled, entire five points are awarded.

In example above, two-factor authentication is not enabled, as a result, the score is 0 and hence marked in red

Mobile number is present for 37% of users

Nerdio automatically enforces two-factor authentication for user accounts that have user mobile numbers registered. The more users with mobile numbers in NAP, the higher the score.

x out of 20

In example above, mobile number has been entered for 37% of users, as a result 37% of 20, or 7 points have been awarded and hence marked in green

Geo-fencing is enabled

Applies to NPC only. Nerdio restricts access to its resources and environment based on your geographical location. This feature prompts you to ensure that only users from select geographies access Nerdio resources.

x out of 20. If setting is enabled, entire twenty points are awarded.

In example above, geo-fencing has been enabled for accounts, so 20 points have been awarded and hence marked in green

Login disabled for 14% of inactive users (haven't logged in for two weeks)

This feature ensures that you check all user logins under your account and disable the ones which haven't been accessed for more than two weeks.

x out of 20. If all inactive logins are disabled, entire twenty points are awarded.

In example above, login has been disabled for only 14% of inactive users, so the score is 1 and hence marked in green

Automatic desktop locking on inactivity in 15 minutes

This feature prompts you to enable automatic desktop locking GPO policies for all user desktops to prevent unauthorized access. The policies are: Enable screen saver, Screen saver timeout, and Password protect the screen saver.

x out of 5. If automatic desktop locking policies are enabled, entire five points are awarded.

In example above, GPO policies have not been enabled, so 0 points are awarded and hence marked in red

Password policy - complexity requirements is enabled

This feature prompts you to enforce GPO password policy for setting up a strong password.

x out of 5. If "set complex password policy" is enabled, entire five points are awarded.

In example above, the "set complex password policy" is enabled, so 5 points are awarded and hence marked in green

Password policy - enforce password history and max age is less than 90 days

This feature prompts you to enforce GPO policies for password history and changing the password every 3 months.

x out of 5. If "update password policy" is enabled, entire five points are awarded.

In example above, the "update password policy" is not enabled, so 0 points are awarded and hence marked in red

Gateway and Proxy servers are the only servers in DMZ

This feature prompts you to check that you haven't placed servers other than Gateway and Proxy server in DMZ, which might accidentally open up ports.

x out of 10. If condition is met, entire ten points are awarded.

In example above, a server other than Gateway and Proxy server was found in DMZ, so 0 points are awarded and hence marked in red

Two factor authentication (Office 365) account setting is enabled

This feature ensures that you enable the global setting for two factor authentication of Office 365 account logins.

x out of 5. If setting is enabled, entire five points are awarded.

In example above, two-factor authentication for Office 365 is enabled, as a result, the score is 5 and hence marked in green

MFA is enabled or enforced for 0% of users

This feature ensures that in addition to enabling global setting, you enable multi-factor authentication on user accounts

x out of 20. If setting is enabled, entire twenty points are awarded.

In example above, multi-factor authentication is not enabled, as a result, the score is 0 and hence marked in red

Email forwarding to external email addresses is disabled

This feature prevents users from forwarding emails from their account to non-corporate email addresses such as Gmail.

x out of 10. If setting is enabled, entire ten points are awarded.

In example above, email forwarding is enabled, as a result, the score is 10 and hence marked in green

User(s) have been assigned to IT Department group

This feature prompts you to check that one or more users are added to IT department group to carry out admin tasks.

x out of 10. If condition is met, entire ten points are awarded.

In example above, one or more users are assigned to IT Department group, as a result, the score is 10 and hence marked in green

Two to five users in IT Department group

This feature prompts you to check that not more than five users are added to IT department group for security purposes.

x out of 5. If condition is met, entire five points are awarded.

In example above, two to five users are in IT Department group, as a result, the score is 5 and hence marked in green

No users with domain admin access

This feature prompts you to ensure that there are one or more users with domain admin access rights to control all user accesses in a specific domain

x out of 10. If setting is enabled, entire ten points are awarded.

In example above, there are no users with domain admin access, as a result, the score is 0 and hence marked in red

No inactive VPN connections (VPN connection is dormant)

This feature prompts you to ensure that all dormant VPN connections are removed.

x out of 10. If condition is met, entire ten points are awarded.

In example above, dormant VPN connections have not been deleted, as a result, the score is 0 and hence marked in red

Enhanced security (multi-factor authentication) is enabled for portal login

The "Enhanced Security" feature is Nerdio’s way of implementing Multi-Factor Authentication (MFA) for securing NAP accounts. This feature prompts you to enable MFA for all Nerdio Admin Portal (NAP) users.

x out of 10. If setting is enabled for Nerdio Admin portal (NAP) login, entire ten points are awarded.

In example above, enhanced security is not enabled for NAP login, as a result, the score is 0 and hence marked in red

Backup is enabled

This feature prompts you to enable regular data backups for each server in your account.

x out of 5. If setting is enabled, entire ten points are awarded.

In example above, backup is not enabled, as a result, the score is 0 and hence marked in red

0% of servers are included in backup routine

This feature prompts you to schedule regular data backups for each server in your account.

x out of 10. If all servers are included in backup routine, entire ten points are awarded.

In example above, no servers are included in backup routine, as a result, the score is 0 and hence marked in red

SAN-level encryption of data-at-rest

This feature prompts you to make sure data is securely encrypted when stored to disk. For NFA accounts all disks must be managed disks to take advantage of Azure's encryption of data-at-rest. For NPC accounts, data-at-rest is automatically encrypted for Enterprise accounts.

x out of 10. If condition is met, entire ten points are awarded.

In example above, SAN-level encryption of data-at-rest is not in place, as a result, 0 points are awarded and hence marked in red

Dedicated DR compute capacity

Applicable to NPC only. This feature prompts you to ensure that you have a dedicated Disaster Recovery (DR) compute capacity in place. This is included for NPC Enterprise accounts.

x out of 10. If condition is met, entire ten points are awarded.

In example above, dedicated DR compute capacity is not enabled, as a result, 0 points are awarded and hence marked in red


Score history

This is a graphical representation of your account’s secure score over a period of time as shown below:

Score_history.png

Additional security features

In addition to Secure score, Nerdio offers several security capabilities and services to protect your account:

  1. Enhanced Security and Desktop Security features: Read full article at: https://help.nerdio.net/hc/en-us/articles/360020309171
  2. Security notifications and Security reports: Read full article at: https://help.nerdio.net/hc/en-us/articles/360020055692

 
