Unit 8 Assignment 1 Network Hardening

Citation: Chambers D, Wilson P, Thompson C, Harden M (2012) Social Network Analysis in Healthcare Settings: A Systematic Scoping Review. PLoS ONE 7(8): e41911. https://doi.org/10.1371/journal.pone.0041911

Editor: Enrico Coiera, University of New South Wales, Australia

Received: March 15, 2012; Accepted: June 29, 2012; Published: August 3, 2012

Copyright: © Chambers et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Funding: This work was done as part of the Translating Research into Practice in Leeds and Bradford project funded by the National Institute for Health Research (NIHR) as part of the Collaboration for Leadership in Applied Health Research and Care (CLAHRC) for Leeds, York, and Bradford. The views expressed in this article are those of the authors and not necessarily those of the NIHR or the CLAHRC. The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.

Competing interests: The authors have declared that no competing interests exist.

Introduction

Diffusion of innovations theory provides a framework for explaining how new ideas and practices spread within a social system [1]. In the UK, there has been renewed interest in the application of this theory to health care, due largely to concerns about the lack of uptake, and translation into practice, of knowledge on the effects of interventions in health care. Research funded by the NIHR (National Institute for Health Research) Service Delivery and Organisation Programme [2] and more recently the development of NIHR Collaborations for Leadership in Applied Health Research and Care (CLAHRCs), has refocused attention on the role of social interactions and networks in the ability of health service organisations to identify and exploit knowledge from outside the National Health Service (NHS).

Social network analysis (SNA) offers a means of mapping and exposing the hidden channels of communication and information flow, collaboration and disconnects between people in strategically important groups within an organisation [3], [4], [5], [6]. Rather than focusing solely on the strength of individual relationships, it explores the types of relationships that condition communication and learning. Social network analysis has been widely used across a range of disciplines but is most commonly applied to help improve the effectiveness and efficiency of decision making processes in commercial organisations. It does have some tradition of use in diffusion research [7], [8].

As part of the NIHR CLAHRC for Leeds, York and Bradford, we are utilising SNA to inform the development and implementation of tailored behaviour-change interventions. These interventions are aimed at increasing the translation of research-based findings into local practice [9]. Our hope is that by taking a network perspective we will be able to identify, target and support those relationships and collaborations that generate better uptake and utilisation of knowledge. To inform this work, we have conducted this systematic scoping review of SNA studies conducted in a healthcare setting.

Our primary objective was to evaluate the use of SNA as part of an intervention to support the implementation of change in healthcare organisations. A secondary objective was to identify and describe studies that report the results of an SNA undertaken in a healthcare setting and to attempt to assess what they tell us about the role and influence of social networks in healthcare organisations.

Methods

The review was carried out in accordance with a protocol developed in advance (File S1). The PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) checklist for this paper is presented as File S2.

Literature Search

The literature search aimed to systematically identify social network analyses of healthcare professionals in any healthcare setting. A broad search strategy was initially developed on MEDLINE (OvidSP) using free text terms, synonyms and subject headings relating to social networks and methods used to investigate them. The strategy consisted of the main term social networks, various terms relating to the methods used to analyse or measure social networks, such as sociometrics, sociograms, sociomaps, and named software commonly used in social network analysis e.g. UCINET, NetDraw. In addition, the subject headings interprofessional relations, interdisciplinary communication and physician-nurse relationships were included in the strategy. The search strategy was adapted for use in the other databases searched.

The following databases were searched from 1950 to October 2011: MEDLINE and MEDLINE In-Process & Other Non-Indexed Citations; EMBASE; PsycINFO; Health Management Information Consortium (HMIC); the Cochrane Library (Cochrane Database of Systematic Reviews, Database of Abstracts of Reviews of Effects, Cochrane Central Register of Controlled Trials, Cochrane Methodology Register and Health Technology Assessment Database); CINAHL; Business Source Premier; Social Science Citation Index; Conference Proceedings Citation Index - Social Science & Humanities; and ASSIA. As social network analysis developed from the 1950s onwards, retrieval of studies was restricted to those published after 1950. No language restrictions or study design filters were applied to the search strategy. Further details of the database search strategy can be found in File S3.

The reference lists of relevant reviews and guidelines and included studies were checked for further potentially relevant studies. We also searched the website of the International Network for Social Network analysis (www.insna.org), including linked sites and the contents of the journal Connections. We hand searched the journals Social Networks and Implementation Science and contacted experts in the field with a view to identifying additional studies. Records were managed within an Endnote library (Endnote version X3).

Inclusion and Exclusion Criteria

Titles and abstracts of records identified by the searches were assessed by two authors (DC and PW) independently. Full-text copies of any items thought to potentially meet the review inclusion criteria were obtained and assessed against the review inclusion criteria by the same two authors. Disagreements were resolved by consensus or by reference to a third author (CT).

To be eligible for the review, studies had to describe and report the results of an SNA performed with healthcare professionals (e.g. doctors, nurses, pharmacists, radiographers etc.) and others involved in their professional social networks (e.g. administrative, support and secretarial staff) in any healthcare setting. Those that went on to report on the use of the results of the SNA as part of an intervention to change some aspect of policy or practice were classified as level I studies. Studies that described the existing social networks in the organisation without reporting any follow-up action or its results were classified as level II studies.

Randomised and non-randomised controlled trials, controlled before and after studies and interrupted time series studies were eligible for inclusion as level I studies. Eligible comparisons were between organisations (SNA performed and used vs. no SNA) or within an organisation (before vs. after SNA performed and used). Level II studies could be of any design and did not need to have a comparator.

Outcomes of interest were any measure of the performance of a healthcare organisation or of individuals within it. Studies that used changes to social networks (measured by a follow-up SNA) as outcome measures were also eligible. Level II studies could have properties of the social network as outcomes.

Studies that used questionnaires or interviews to identify ‘opinion leaders’ but did not conduct an SNA were excluded, as were studies of patients’ and carers’ social networks.

Quality Assessment and Data Extraction

Data on settings, participants, methods of data collection, SNA methods and results/conclusions were extracted from study reports by one author and checked by another. Separate data extraction sheets were developed and piloted for level I and level II studies. Quality (risk of bias) of level I studies was assessed by two authors (DC and PW) independently using the criteria of the Cochrane EPOC (Effective Practice and Organisation of Care) Group. Disagreements were resolved by discussion.

Data Synthesis

Heterogeneity of settings, interventions and outcomes precluded meta-analysis. We therefore performed a narrative synthesis of the included studies. Level I and level II studies were considered separately. Limited outcome data meant that the synthesis of level II studies was descriptive.

Results

The study selection process is summarised in Figure 1. In total we included 52 completed studies, reported in 62 publications, of which only one was a level I study (i.e. it reported on an SNA in a healthcare setting and included use of the results as part of an intervention to change policy or practice) [10]. One ongoing study with no results available at the time of writing but with a published protocol was also considered as a potential level I study [11]. Fifty-one studies (61 publications) were classified as level II studies, i.e. they described or reported an SNA conducted in a healthcare setting but without reporting any follow-up action or its results. The shortage of level I studies and the large number of level II studies with only social network outcomes reported meant that we had to resort to a largely descriptive synthesis of the studies.

Level I Study

In the only level I study found, Anderson et al. [10] conducted a quasi-experimental study using hospital services (departments) as the unit of analysis. The intervention used staff members identified (by SNA) as “educationally influential” to increase use of personal order sets (i.e. the ability to speed up ordering of drugs and tests by specifying in advance those that the doctors frequently order for their patients) within a hospital information system. Hospital data were used to construct binary consultation networks (i.e., who consulted who) among doctors in each service. Hierarchical clustering was used to generate groups of doctors with similar consultation patterns. Influential doctors (one per group) were identified based on measures of prestige in the consultation network. The influential doctors received educational outreach about the advantages of personal order sets. Control services received no intervention. There were 109 doctors in the experimental group and 231 in the control group but the number of educationally influential doctors was not reported. Quality assessment revealed a number of design limitations including non-random assignment and differences between experimental and control groups at baseline (see Table S1). This study was classified as a level I study rather than an opinion leader study because the influential physicians were identified based on their position in the social network rather than on peer nominations.

Level II Studies

Selected characteristics of included studies are reported in Tables 1, 2, 3. The largest group of included studies (24) were conducted in the USA. There were 13 studies from European countries (excluding the UK), five from Canada, five from Australia and only three [12], [13], [14], [15] from the UK. Only one of the included studies was conducted in a low or middle-income country [16]. Participants who supplied social network data were doctors (18 studies), teams or mixed groups of health professionals (17 studies), nurses (nine studies) or other health professionals including administrators, emergency planners and policy makers (seven studies). Over half of the studies (32) were conducted in secondary or tertiary care settings, nine in primary care and only five involved both primary and secondary care.

Social network data were collected by surveys in the great majority of studies. Observation of social interactions was used in three studies [17], [18], [19]. Use of process logs or other administrative data to construct social networks was reported in four studies [17], [20], [21], [22].

Almost all of the studies used a comparative or non-comparative cross-sectional design, with data collected at a single time point. The exceptions are briefly discussed below.

Scott et al. used data collected as part of a randomised trial to demonstrate how SNA can be used to characterize and compare communication patterns in primary care practices [18]. Nair et al. [23] used data from a market research survey (including opinion leader data) and prescription data for a new drug to quantify the impact of social interactions and peer effects in the context of physicians’ prescription choices. A study by Barrera et al. of the development of trust among nurses and other staff in a dialysis department in a Dutch hospital used social network data collected at several time points over a 1-year period [17]. Finally, Baumgart et al. [20] investigated social networks among operating room staff before and after a change in layout. This study was not classified as a level I study because the SNA was descriptive and not used to inform the intervention (change in operating room layout).

The two most common areas of focus identified via a qualitative examination of the studies were explorations of social networks in relation to service provision and organisation (19 studies) and those examining the role of social networks in the context of behaviour change (22 studies, including diffusion of innovations, opinion leaders and other aspects of social influence). Other areas of focus included decision-making [24], interpersonal relations [25], information sharing behaviour [22] and social support [17], [26], [27].

Key findings of studies that looked at service provision and organisation included differences in actual and perceived nature of social networks among professionals from different disciplines and weakness of links across disciplines [28], [29], [30], [31], [32]. A number of studies recommended training or other measures to strengthen such links. The potential value of SNA to measure team function and use the information to improve working processes was another finding of studies in different settings [33], [34].

SNA has been used to study social influence on health professionals and particularly the diffusion of innovations since the 1950s [7], [35]. Studies included in the review reported on differences across settings, for example the increased importance of social networks in smaller groups [35], [36], and on the importance of particular groups (for example, university-based surgical oncologists in a cancer network [37]) in promoting adoption of new practices. Jippes et al. reported that social networks were more effective than training for disseminating a new structured feedback technique [38].

SNA can also reveal the networks used by health professionals for social support, with studies reporting on the importance of close ties with co-workers in a potentially stressful setting (psychiatric hospital) [39]; the differences between nurses working normal and flexible schedules [26]; and the potential of early social support to reduce distrust among nursing team members [17].

The studies varied from those that appeared to be applying the methodology of SNA in a healthcare setting [18], [40] to some that suggested the usefulness of SNA for understanding and possibly changing the structure and processes of healthcare organisations. However, the latter group stopped short of suggesting how this might be achieved. For example, Creswick et al. stated that the results of SNA ‘can provide insights of potential benefit to emergency department staff, their leaders, policymakers and researchers’ [29] but did not enlarge on what the benefits might be. Samarth et al. [34] suggested ways in which social networks might be redesigned to improve patient flow through a post-anaesthesia care unit in a US teaching hospital. The authors referred to plans for a future study that ‘tests the effects of reconfiguration of social network patterns’. This study would change their work from a level II to a level I study in our terminology.

In summary, the level II studies report the results of SNAs conducted in a variety of healthcare settings, mainly using survey data and a cross-sectional design. While some hint at the possibility of using the results to design or implement interventions to change policy or practice, the majority are purely descriptive in nature.

Ongoing Studies

We identified five relevant ongoing studies, three of which are funded by the NIHR Service Delivery and Organisation programme as part of its knowledge mobilisation [41], [42] and models of service delivery [43] research themes. Sales et al. [11] have published a protocol for a study of the impact of social networks on knowledge transfer in long-term care facilities, specifically the uptake and use of feedback reports (monthly reports documenting processes of care linked to modifiable outcomes). The study is intended to contribute to the design of interventions using social networks to promote knowledge translation. As such it can be considered as a potential level I study. Bradley et al. [31] published a preliminary report of a study using SNA to study integrated working between general practitioners and community pharmacists in the UK. The authors state that the study has the potential to ‘ensure that future policy decisions related to integrated working are evidence based’. However, no further details of the study were available at the time of writing.

Discussion

This systematic scoping review presents to our knowledge the most comprehensive overview of SNA studies conducted in a healthcare setting. Fifty-two completed studies met our inclusion criteria, with an additional five identified as ongoing.

However, our primary objective was to identify and evaluate the use of SNA as part of an intervention to support the implementation of change in healthcare organisations. What is striking is that nearly all the literature is descriptive in nature; and only one study has used the results of an SNA to bring about change, specifically to increase the use of personal order sets by physicians in a hospital information system.

The search strategy employed was deliberately broad, and we searched a number of relevant databases and other sources with no language or study design restrictions to reduce the chance that relevant studies were missed and to prevent language bias. As an aid to transparency, we have included the list of excluded studies as Table S2. However, we anticipate that there may be a grey literature of potentially relevant studies that our searches have been unable to access. For example, the report by Cunningham et al. discussed below [44] was not located by any of our systematic searches but by a preliminary less systematic internet search. In the commercial sector, SNAs are often conducted to examine the effectiveness of internal/external communications and to inform the implementation of change management programmes. It is very likely that similar studies have been conducted in health care settings but also that the reports of such activity have not been made publicly available. This phenomenon represents a form of ‘publication bias’. There is potential for further research to examine the presence/magnitude of this literature in specific sectors, for example by a survey of relevant healthcare organisations.

The major limitation of the review reflects the limitations of the evidence base and the almost complete lack of studies involving SNA as part of an intervention. The use of sociometric questionnaires to identify opinion leaders appears commonplace [45], but without the execution of an SNA component, these studies would have been excluded from our review. The numerous level II studies included in the review mostly used a cross-sectional design with no comparator and hence tell us nothing about the effect of social networks and SNA on change over time. Some studies suggested the existence of distinct networks within an organisation, e.g. advice-seeking and social, although these categories may be imposed by researchers.

We have provided a descriptive synthesis of the level II studies, including some key findings, primarily as an aid to future research. The conclusions that can be drawn from this synthesis are limited by the fact that these represent a heterogeneous group of studies whose only real common factor is the use of SNA methods to describe social interaction in a variety of healthcare settings at one specific point in time.

The one included level I study does appear to show a change in uptake of personal order sets over time but as a single study it does not provide an adequate basis for drawing conclusions. Furthermore the study had some methodological weaknesses, including differences between groups at baseline and uncertainty over whether members of the control group could have been exposed to the intervention. A more robust design to test the effectiveness of SNA in identifying influential individuals would be to compare educational outreach to individuals identified by SNA versus outreach to a randomly chosen sample.

We found one published review that covered a similar but not identical topic. Cunningham et al. [44] systematically reviewed the literature on the social and professional networks of health professionals. Despite the arguably wider focus of their review, Cunningham et al. included fewer studies than we did (40 vs. 52). This may be in part because their search covered a more limited timeframe (1995–2009) and thus the earlier research on, for example, diffusion of innovations through social networks was not included. Other differences between the two reviews reflect their different objectives. While we focused on the results of SNA in healthcare settings, Cunningham et al.’s research question related to how research on social and professional networks has been used to examine the effectiveness and sustainability of networks in relation to quality of care and safety.

Cunningham et al. identified a similar range of key topics/themes to those identified by our review, including understanding the structural relationships and social context of professionals or organisations (corresponding roughly to our categories of service provision/organisation, social influence and social support), information/knowledge exchange or advice seeking of health practitioners, communication and exchange of patient clinical and other information between practitioners or organisations (covered by our service provision/organisation topic) and influence of information sources on awareness and adoption of a new technology or innovations (diffusion of innovations).

There are many factors that could help to explain the lack of visible evidence for the potential of SNA being realised in healthcare settings. For example, there are likely to be more constraints on the organisation’s ability to make change in response to the results of an SNA in a healthcare setting compared with the commercial sector. Another factor could be the background of researchers who have used SNA in healthcare settings. We did not systematically examine this but many authors of studies included in the review appear to be ‘pure’ social science researchers rather than having a background in applied or implementation research. There could be scope for qualitative research into why researchers who have performed SNAs in healthcare organisations have in many cases stopped short of suggesting concrete follow-up of their research.

Research methods used by those undertaking SNAs in healthcare settings will also be influenced by the size of the organisation; for example, small organisations allow for personal administration of questionnaires with high response rates. This may not be feasible for larger organisations but potentially more use could be made of administrative data as done in a few of the studies included in our review.

Researchers using SNA need to decide where network boundaries should be placed as relevant networks may go far beyond the boundary of the respondent’s own organisation. Another issue is the extent to which findings can be transferred beyond the context of a particular study. This is particularly relevant to attempts to use SNA as part of an intervention to change policy or practice. The use of labels like ‘bounded’ and ‘unbounded’ to describe networks may not be adequate for helping others to understand one network and apply it to their own context. An underlying theory may be helpful for guiding the development and evaluation of interventions aimed at bringing about change [46]. Although there are many theories regarding the structure of networks within and between organisations [44], it is unclear to what extent the studies included in our review used theory to guide their exploration and analysis of healthcare social networks. We did not explore this issue because it was not part of our protocol and objectives but it could be a topic for further research.

There is currently an absence of evidence to demonstrate that using SNA can enable intelligent targeting of key relationships and collaborations to facilitate better uptake and utilisation of knowledge. Future studies involving SNA in healthcare should be designed with an intervention and comparator. SNAs can be either dependent or independent variables not divorced from any other intervention (independent variable) or measurement (dependent variable). There is a risk that SNA discourse and time may foster a separation from classical literature on attribution of change to causes and questions of bias; to avoid this, level I studies need to be adequately powered and designed with appropriate comparators.

In conclusion, we found very little evidence for the potential of SNA being realised in healthcare settings. However, it seems unlikely that networks are less important in healthcare than other settings. Future research should seek to go beyond the merely descriptive to implement and evaluate SNA-based interventions.

Author Contributions

Wrote the paper: DC PW CT MH. Wrote the protocol: DC PW MH. Performed literature searches: MH. Selected studies for inclusion: DC PW CT. Extracted data: DC PW.

References

  1. Rogers EM (2003) Diffusion of innovations. New York; London: Free Press.
  2. Greenhalgh T, Robert G, Macfarlane F, Bate P, Kyriakidou O (2004) Diffusion of innovations in service organizations: systematic review and recommendations. Milbank Q 82(4): 581–629.
  3. Wasserman S, Faust K (1994) Social network analysis: methods and applications. Cambridge: Cambridge University Press.
  4. Cross R, Parker A (2004) The hidden power of social networks: understanding how work really gets done in organizations. Boston, MA: Harvard Business School Press.
  5. Hanneman R, Riddle M (2005) Introduction to social network methods. Riverside, CA: University of California.
  6. O’Malley AJ, Marsden PV (2008) The analysis of social networks. Health Services and Outcomes Research Methodology 8(4): 222–269.
  7. Coleman J, Katz E, Menzel H (1957) The diffusion of an innovation among physicians. Sociometry 20(4): 253–270.
  8. Valente TW (1996) Social network thresholds in the diffusion of innovations. Social Networks 18(1): 69–89.
  9. Hanbury A, Thompson C, Wilson PM, Farley K, Chambers D, et al. (2010) Translating research into practice in Leeds and Bradford (TRiPLaB): a protocol for a programme of research. Implementation Science 5(37).
  10. Anderson JG, Jay SJ, Perry J, Anderson MM (1990) Diffusion of computer applications among physicians: a quasi-experimental study. Clinical Sociological Review 8: 116–127.
  11. Sales AE, Estabrooks CA, Valente TW (2010) The impact of social networks on knowledge transfer in long-term care facilities: protocol for a study. Implementation Science 5(49).
  12. Grimshaw JM, Eccles MP, Greener J, Maclennan G, Ibbotson T, et al. (2006) Is the involvement of opinion leaders in the implementation of research findings a feasible strategy? Implementation Science 1(3).
  13. West E, Barron DN (2005) Social and geographical boundaries around senior nurse and physician leaders: an application of social network analysis. Canadian Journal of Nursing Research 37(3): 132–148.
  14. West E, Barron DN, Dowsett J, Newton JN (1999) Hierarchies and cliques in the social networks of health care professionals: implications for the design of dissemination strategies. Social Science & Medicine 48(5): 633–646.
  15. Bradley F, Ashcroft D, Crossley N (2011) Social network analysis of contact made between community pharmacists and general practitioners. International Journal of Pharmacy Practice (Suppl. 2): 26–27.
  16. Landim FLP, Fernandes AM, de Mesquita RB, Collares PMC, Frota MA (2010) Interpersonal network analysis: application to the reality of a nursing team working in a hematology unit (Portuguese). Saúde e Sociedade 19(4): 828–837.
  17. Barrera D, van de Bunt GG (2009) Learning to trust: networks effects through time. European Sociological Review 25(6): 709–721.
  18. Scott J, Tallia A, Crosson JC, Orzano AJ, Stroebel C, et al. (2005) Social network analysis as an analytic tool for interaction patterns in primary care practices. Annals of Family Medicine 3(5): 443–448.
  19. Walton JM, Steinert Y (2010) Patterns of interaction during rounds: implications for work-based learning. Medical Education 44(6): 550–558.
  20. Baumgart A, Denz C, Bender H-J, Schleppers A (2009) How work context affects operating room processes: using data mining and computer simulation to analyze facility and process design. Quality Management in Health Care 18(4): 305–314.
  21. Curran J, Abidi SSR (2006) Evaluation of a discussion forum for knowledge sharing among emergency practitioners: a social network approach. Studies in Health Technology and Informatics 124: 941–946.
  22. Tagliaventi MR, Mattarelli E (2006) The role of networks of practice, value sharing, and operational proximity in knowledge flows between professional groups. Human Relations 59(3): 291–319.
  23. Nair HS, Manchanda P, Bhatia T (2010) Asymmetric social interactions in physician prescription behavior: the role of opinion leaders. Journal of Marketing Research 47(5): 883–895.
  24. Quinlan E, Robertson S (2010) Mutual understanding in multi-disciplinary primary health care teams. Journal of Interprofessional Care 24(5): 565–578.
  25. Martinez Arino J, Sala Torrent M (2009) The social networks of the San Pablo Health Centre in Zaragoza (Spain) (Spanish). Atencion Primaria 41(12): 670–674.

All settings from the Microsoft Security Baseline for Windows Server 2012 R2 have been applied, except those listed below:

| Setting Name | Microsoft Baseline Setting | SecureAuth Setting | Reason for change | Path |
| --- | --- | --- | --- | --- |
| Access this computer from the network | Authenticated Users, Administrators | Everyone, Administrators, Users, Backup Operators | Everyone group is required for anonymous/unauthenticated client connections to IIS | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Access this computer from the network |
| Adjust memory quotas for a process | Local Service, Network Service, Administrators | Local Service, Network Service, Administrators, *S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 | Adds the GUID of the IIS AppPool\DefaultAppPool created by .Net 4 | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Adjust memory quotas for a process |
| Audit account logon events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account logon events |
| Audit account management | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management |
| Audit directory service access | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit directory service access |
| Audit logon events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit logon events |
| Audit object access | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access |
| Audit policy change | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit policy change |
| Audit Policy: Account Logon: Kerberos Authentication Service | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Policy: Account Logon: Kerberos Authentication Service |
| Audit Policy: Account Logon: Kerberos Service Ticket Operations | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Policy: Account Logon: Kerberos Service Ticket Operations |
| Audit Policy: Account Logon: Other Account Logon Events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Logon\Audit Policy: Account Logon: Other Account Logon Events |
| Audit Policy: Account Management: Application Group Management | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit Policy: Account Management: Application Group Management |
| Audit Policy: Account Management: Computer Account Management | Success | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit Policy: Account Management: Computer Account Management |
| Audit Policy: Account Management: Distribution Group Management | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit Policy: Account Management: Distribution Group Management |
| Audit Policy: DS Access: Detailed Directory Service Replication | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Policy: DS Access: Detailed Directory Service Replication |
| Audit Policy: DS Access: Directory Service Access | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Policy: DS Access: Directory Service Access |
| Audit Policy: DS Access: Directory Service Changes | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Policy: DS Access: Directory Service Changes |
| Audit Policy: DS Access: Directory Service Replication | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\DS Access\Audit Policy: DS Access: Directory Service Replication |
| Audit Policy: Logon-Logoff: Account Lockout | Success | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Account Lockout |
| Audit Policy: Logon-Logoff: IPsec Extended Mode | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: IPsec Extended Mode |
| Audit Policy: Logon-Logoff: IPsec Main Mode | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: IPsec Main Mode |
| Audit Policy: Logon-Logoff: IPsec Quick Mode | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: IPsec Quick Mode |
| Audit Policy: Logon-Logoff: Logoff | Success | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Logoff |
| Audit Policy: Logon-Logoff: Network Policy Server | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Network Policy Server |
| Audit Policy: Logon-Logoff: Other Logon/Logoff Events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Other Logon/Logoff Events |
| Audit Policy: Logon-Logoff: Special Logon | Success | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Logon/Logoff\Audit Policy: Logon-Logoff: Special Logon |
| Audit Policy: Object Access: Application Generated | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Application Generated |
| Audit Policy: Object Access: Certification Services | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Certification Services |
| Audit Policy: Object Access: Detailed File Share | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Detailed File Share |
| Audit Policy: Object Access: File Share | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: File Share |
| Audit Policy: Object Access: File System | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: File System |
| Audit Policy: Object Access: Filtering Platform Connection | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Filtering Platform Connection |
| Audit Policy: Object Access: Filtering Platform Packet Drop | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Filtering Platform Packet Drop |
| Audit Policy: Object Access: Handle Manipulation | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Handle Manipulation |
| Audit Policy: Object Access: Kernel Object | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Kernel Object |
| Audit Policy: Object Access: Other Object Access Events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Other Object Access Events |
| Audit Policy: Object Access: Registry | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Registry |
| Audit Policy: Object Access: Removable Storage | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: Removable Storage |
| Audit Policy: Object Access: SAM | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access\Audit Policy: Object Access: SAM |
| Audit Policy: Policy Change: Authentication Policy Change | Success | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Policy: Policy Change: Authentication Policy Change |
| Audit Policy: Policy Change: Authorization Policy Change | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Policy: Policy Change: Authorization Policy Change |
| Audit Policy: Policy Change: Filtering Platform Policy Change | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Policy: Policy Change: Filtering Platform Policy Change |
| Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change |
| Audit Policy: Policy Change: Other Policy Change Events | No Auditing | Success and Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Policy Change\Audit Policy: Policy Change: Other Policy Change Events |
| Audit Policy: Privilege Use: Non Sensitive Privilege Use | No Auditing | Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use\Audit Policy: Privilege Use: Non Sensitive Privilege Use |
| Audit Policy: Privilege Use: Other Privilege Use Events | No Auditing | Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Privilege Use\Audit Policy: Privilege Use: Other Privilege Use Events |
| Audit privilege use | No Auditing | Failure | Recommended auditing level | Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit privilege use |
| Deny access to this computer from the network | *S-1-5-113, Guests | Guests | Allows local users to connect | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Deny access to this computer from the network |
| Generate security audits | Local Service, Network Service | Local Service, Network Service, *S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 | Adds the GUID of the IIS AppPool\DefaultAppPool created by .Net 4 | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Generate security audits |
| Replace a process level token | Local Service, Network Service | Local Service, Network Service, *S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415 | Adds the GUID of the IIS AppPool\DefaultAppPool created by .Net 4 | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Replace a process level token |

Settings listed in KB 981949 are added by installing the IIS Role. Where they modify the Security Baseline settings, or have been modified by SecureAuth settings, they are detailed below:

| Setting Name | Microsoft Baseline Setting | Microsoft IIS Setting | SecureAuth Setting (If different) | Reason for change | Path |
| --- | --- | --- | --- | --- | --- |
| Bypass traverse checking | *S-1-5-90-0, Network Service, Local Service, Backup Operators, Authenticated Users, Administrators | Everyone, LOCAL SERVICE, NETWORK SERVICE, Administrators, Users, Backup operators | *S-1-5-113, Everyone, LOCAL SERVICE, NETWORK SERVICE, Administrators, Users | We remove Backup Operators by default, these need to be re-added if required | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment |
| Impersonate a client after authentication | Administrators, Service, Local Service, Network Service | LOCAL SERVICE, NETWORK SERVICE, Administrators, IIS_IUSRS, SERVICE | | Default setting from IIS role | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment |
| Log on as a batch job | Not defined | Administrators, Backup operators, Performance log users, IIS_IUSRS | Administrators, Performance log users, IIS_IUSRS | We remove Backup Operators by default, these need to be re-added if required | Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment |

All security hardening settings for Internet Explorer 11 have been applied except the following:

| Setting Name | Microsoft Baseline Setting | SecureAuth Setting (If different) | Reason for change | Path |
| --- | --- | --- | --- | --- |
| PreventIgnoreCertErrors | 1 | 0 | Allows access to SSL sites via the https://localhost path which are required for SecureAuth IDP administration. Note - If desired this can be re-enabled as long as you have installed a valid SSL certificate and changed your shortcuts to use the host name on the certificate instead of "Localhost". | Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
| DisableDeleteBrowsingHistory | 1 | 0 | Allows deletion of browsing history if required for support purposes. | Software\Policies\Microsoft\Internet Explorer\Control Panel |

If you make changes to these policies after deployment of the IDP appliance, it is important that these changes are tracked in case support issues arise in the future.
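One way to track such changes for the user rights in the first table is to diff a `secedit /export /cfg <file> /areas USER_RIGHTS` export against the documented SecureAuth values. The following is an added example, not SecureAuth's own tooling; the `Se*` constant names and the well-known SIDs used for the group names are standard Windows identifiers that the tables above do not spell out, and the sample export is constructed.

```python
import configparser

APPPOOL = "S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415"
# SecureAuth values from the first table, written as the SIDs secedit exports.
# Well-known SIDs assumed here: S-1-1-0 Everyone, S-1-5-19 Local Service,
# S-1-5-20 Network Service, S-1-5-32-544 Administrators, S-1-5-32-545 Users,
# S-1-5-32-546 Guests, S-1-5-32-551 Backup Operators.
EXPECTED = {
    "SeNetworkLogonRight": {"S-1-1-0", "S-1-5-32-544", "S-1-5-32-545", "S-1-5-32-551"},
    "SeIncreaseQuotaPrivilege": {"S-1-5-19", "S-1-5-20", "S-1-5-32-544", APPPOOL},
    "SeDenyNetworkLogonRight": {"S-1-5-32-546"},
    "SeAuditPrivilege": {"S-1-5-19", "S-1-5-20", APPPOOL},
    "SeAssignPrimaryTokenPrivilege": {"S-1-5-19", "S-1-5-20", APPPOOL},
}

# Constructed sample of an export, not taken from a real appliance.
SAMPLE_EXPORT = f"""[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeDenyNetworkLogonRight = *S-1-5-113,*S-1-5-32-546
SeAuditPrivilege = *S-1-5-19,*S-1-5-20,*{APPPOOL}
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,*{APPPOOL}
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_rights(inf_text):
    """Return {right: set of SIDs or account names} from a secedit export."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the Se* constants case-sensitive
    cp.read_string(inf_text)
    if not cp.has_section("Privilege Rights"):
        return {}
    return {
        right: {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
        for right, value in cp.items("Privilege Rights")
    }


def drift(inf_text, expected=EXPECTED):
    """Compare an export with the documented settings; return only the differences."""
    actual = parse_rights(inf_text)
    report = {}
    for right, want in expected.items():
        have = actual.get(right, set())  # treat a right absent from the export as held by nobody
        if have != want:
            report[right] = {"added": sorted(have - want), "removed": sorted(want - have)}
    return report


if __name__ == "__main__":
    for right, diff in drift(SAMPLE_EXPORT).items():
        print(right, diff)
```

secedit writes its export as UTF-16, so read a real file with `encoding="utf-16"` before passing the text to `drift`.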
