Security Basics mailing list archives
Re: Windows Secure Build Checklist
From: Noah.Lance () APCC com
Date: Wed, 25 Feb 2009 14:36:02 -0600
You probably need to really identify what you are wanting to accomplish: securing a box in a legacy environment, or in an enterprise? Your home box? Network Appliance? Or are you wanting to accomplish a "Standard Image" to image all your boxes from, so they have the "out-of-the-box" base security/configuration? This leads us into the applications on the box, but you did state just the base Windows XP/2003 arena.

However, you will have to customize any checklist to accommodate your environment. You may just want to utilize the MS Security configurator MMC and build your local GPOs, or if it's AD then you definitely need to identify current and project GPOs, and their effects.

Definitely step back a bit and identify your footprint. Identify the aspects that are the easiest to recognize, and start your outline with this. As you secure each identified piece, you will gain the intimate knowledge of your Network/system, adding additional information to your outline, hence creating the moving checklist to assist in maintaining your Secured environment and logs for the newcomer.

Most STIGs (Security Technical Implementation Guides) are well over 180 pages, with your requested checklists/steps to accomplish. But I've stuck with simplicity over the years and referenced U.S. NSA/IA/DISA STIGs.

CISecurity.org has a great benchmarking system. Their STIGs are based off NSA/IA/DISA/CERT standards and have the normal "leveled" security approach to accomplish overall security to environment details. These will have your "Checklists" as well. You can easily develop a nice checklist based off the Table of contents if you are in a hurry and feel quite confident in the how-to aspect.

Brian Keogh <bwkeogh () gmail com>
Sent by: listbounce () securityfocus com
02/23/2009 04:19 PM

To
security-basics () securityfocus com
cc

Subject
Windows Secure Build Checklist

All,

I'm aware of various tools and piecemeal procedures regarding secure build guidance for Windows XP/2003 Server/Desktop machines.

Can anyone please point me in the direction of a complete checklist with regard to securing the listed operating systems? I'm really just looking for a single document for someone to work from. A straightforward checklist etc. in line with best practice.

Any help appreciated.

--
Best regards.
Brian Keogh
Information Security Specialist
bwkeogh () gmail com