Security Basics mailing list archives
Re: Windows Secure Build Checklist
From: rohnskii () gmail com
Date: Wed, 25 Feb 2009 00:30:59 -0700
"All" in one checklist, good luck. Security is a huge topic. There are lots of tips and checklists out there, but in the end you are going to have to rummage through them and build your own checklist. Here is a small sample of my "collection" of "hardening" tips and some articles for you to check out on a wide range of topics:

http://www.cisecurity.org/benchmarks.html - Center for Internet Security Benchmarks and Scoring Tools
http://www.djack.com.pl/download/secure/DGSWEFinal.pdf - Securing Win in the Enterprise (210 pgs)
http://www.microsoft.com/downloads/details.aspx?FamilyID=fb8b981f-227c-4af6-a44b-b115696a80ac&DisplayLang=en - Windows Server 2008 Security Guide - this is a big one, from the "horses ... mouth"
http://www.microsoft.com/downloads/info.aspx?na=47&p=2&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3d8A2643C1-0685-4D89-B655-521EA6C7B4DB%26displaylang%3den - Windows Server 2003 Security Guide
http://www.microsoft.com/downloads/info.aspx?na=47&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3d2D3E25BC-F434-4CC6-A5A7-09A8A229F118%26displaylang%3den - Windows XP Security Guide
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1331487,00.html - The 10 most common Windows security vulnerabilities
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1337883,00.html - A Windows security checklist for IT managers
http://technet.microsoft.com/en-ca/library/dd366061.aspx - This MS page has links to many checklists that might fit your request
http://www.windowsecurity.com/articles/Unique-Group-Policy-Security-Settings.html - Unique Group Policy Security Settings (search this site for more stuff, it is really good)
http://www.windowsecurity.com/articles/Understanding-Roles-Server-2003-Security-Policies.html - although this isn't one of the versions you asked about, the general concepts apply
http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_be_protected_from_infected_usb_flash_drives - granted this is only one specific major point in a checklist, just want to make sure you have it
http://cyberforge.com/weblog/aniltj/archive/2003/11/20/183.aspx - Win XP: surviving the first day, intended for home users, but you might find something useful, especially the links at the end.
http://www.windowsitlibrary.com/Content/1783/04/toc.html - Securing the Network Mgmt process (book)
http://www.windowsecurity.com/articles/Reducing-Attack-Surface-Administrator-Account.html
http://articles.techrepublic.com.com/5100-10878_11-6078514.html - Explore the Security Configuration Wizard in Windows 2003 Server
http://techrepublic.com.com/5206-10878-0.html?forumID=102&threadID=223902&start=0 - Lock down the BIOS to defend against rogue users
http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008.html
http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html
http://articles.techrepublic.com.com/5100-10878_11-6059618.html - 10 things you should know about working with NTFS permissions
http://www.microsoft.com/downloads/details.aspx?FamilyID=1b6acf93-147a-4481-9346-f93a4081eea8&displaylang=en - Threats and Countermeasures Guide server 2003 & XP
http://technet.microsoft.com/en-us/library/dd349791.aspx - Threats and Countermeasures Guide: Security Settings in Windows Server 2008 and Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en - Security Compliance Management Toolkit Series, check bottom for links to kits specific to: All, office 2007, Server 2003/2008, Vista, XP
http://www.microsoft.com/downloads/details.aspx?familyid=95A85136-F08F-4B20-942F-DC9CE56BCD1A&displaylang=en - The Security Monitoring and Attack Detection Planning Guide
http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1126483,00.html - Locking down services on XP client workstations ***** this is definitely one you'll want to use
http://www.windowsecurity.com/articles/Increasing-Security-Limited-User-Accounts-Restricted-Groups.html
http://www.windowsecurity.com/articles/How-Nest-Users-Groups-Permissions.html
http://antivirus.about.com/od/securitytips/ht/ie6dep.htm - How to enable DEP in Internet Explorer 6 (there is also a version for IE 7)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026940 - How to make Windows XP last for the next seven years. There are some good tips in here, I would skip the eye candy since a typical "older" XP pc would not have the CPU/GPU to support the unnecessary visual frills.
http://downloads.techrepublic.com.com/abstract.aspx?docid=304246 - How do I secure M$ Win XP Pro
http://antivirus.about.com/od/securitytips/ss/hosts.htm?nl=1 - Protecting the HOSTS file Using Spybot Search & Destroy. There are other ways of protecting HOSTS.
http://ist.uwaterloo.ca/security/howto/2002-03-15/ - Windows NT/2000/XP Hardening, University of Waterloo (I've got a pdf version of this doc/site)
http://windows.uwaterloo.ca/Managed/LocalCHGs/ACPC_Manual.htm - How to Configure Your PC to Academic Support Standards. Here is an example of a checklist that includes the settings in the link above and a link at the bottom to printer friendly version.
http://www.pcworld.com/article/111121/windows_tips_supercharge_windows_by_paring_unneeded_services.html
http://www.microsoft.com/downloads/info.aspx?na=47&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3dA3D1BBED-7F35-4E72-BFB5-B84A526C1565%26displaylang%3den - Windows Vista Security Guide
http://www.beyondtrust.com/documentation/whitePapers/WP-Building%20a%20Secure%20and%20Compliant%20Windows%20Desktop.pdf - Building a Secure & Compliant Win (Vista) desktop.

A starting point only