Re: Locking down workstation

["Dana Epp" <dana () vulscan com>]

Here is a good start for you on some resources to assist you in hardening
your workstation(s).

The NSA released some unclassified documents on ways to reduce the attack
surface of you Microsoft based operating systems. I found the Windows XP and
2000 guides a good starting point if you are wanting to "button down the
hatches" for those platforms. The documents are clear and concise and step
through a lot of different aspects.

You can find the index at: http://www.nsa.gov/snac/, or go directly to the
Windows XP Guide at: http://www.nsa.gov/snac/winxp/download.htm

If you are using Linux or Mac OSX, consider taking a look at something like
Bastille. They have scripts that can harden your distribution in just a few
steps. You can get more information at: http://www.bastille-linux.org/

Short of that, consider using least privilege, and consider what you MUST
have running. If you are not sure, turn it off. You will find out quick
enough if it's something that should be turned on. *lol*

Good luck. Happy hardening.

---
Regards,
Dana M. Epp


----- Original Message ----- 
From: "Mada Dulate" <madadulate () hotmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, June 10, 2003 2:04 PM
Subject: Locking down workstation


> hey all,
>
> I've learned a lot from this list (thank you) but I've tried to lurk a
bit,
> expected this issue to come up before I posted.  Time's up.
>
> Firewalls are certainly a good practice, hopefully getting better, but if
> I'm really concerned with security and as a responsible netizen looking to
> stem the spread of disease, don't I want to do the best I can to close up
> unused ports and services on every destop in my network.
>
> I admit I don't really know the implications of this from an
administrator's
> point of view, and I don't know how to audit this, but the reading I've
> stumbled on is very directed at server strategy.
>
> This is more to open a discussion than a personal request.  All responses
> can be directed to the list.
>
> Thanks!
>
> Mada
>
> _________________________________________________________________
> Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> http://join.msn.com/?page=features/featuredemail
>
>
> --------------------------------------------------------------------------
-
> Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
> The Gartner Group just put Neoteris in the top of its Magic Quadrant,
> while InStat has confirmed Neoteris as the leader in marketshare.
>
> Find out why, and see how you can get plug-n-play secure remote access in
> about an hour, with no client, server changes, or ongoing maintenance.
>
> Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
> --------------------------------------------------------------------------
--
>


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------