RE: MS Service Packs

["Justin F. Knox" <jknox () indexzero org>]

I would take further precautions with regards to updating windows boxes.
Windows Update will detect just about everything that isn't up to date
on a system, yes. However, applying SP3 and all the latest hotfixes may
not be enough to ensure reasonable security:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/tools.asp

The checklists there are handy, but of particular note are the
following:
Microsoft Baseline Security Analyzer
IIS Lockdown Tool (a must if you're using IIS!)
HFNetChk Security Tool

HFNetChk is an excellent tool to use in addition to Service Packs and
Windows Update. I use it after Windows Update to ensure that I've got a
gotten all the 'security' hotfixes.

the IIS Lockdown tool should have been shipped with the OS in the first
place. After you have installed IIS (4, 5, 5.1, or beyond), run this
tool and pick a template based upon what your IIS installation will do
(Exch2k, simple web server w/no asp or front page extensions or
anything, etc). The tool will perform a 'lockdown' procedure on the web
server, removing unnecessary items and 'features' in the process.

hope those tools help you out

regards,
justin

--snip--


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------