Security Basics mailing list archives
Re: Windows Secure Build Checklist
From: Noah.Lance () APCC com
Date: Wed, 25 Feb 2009 14:36:02 -0600
You probably need to really identify what you are wanting to accomplish,
securing a box in a legacy environment, or in an enterprise? Your home
box? Network Appliance?
Or are you wanting to accomplish a "Standard Image" to image all your
boxes from so they have the "out-of-the-box" base security/configuration.
This leads us into the applications on the box, but you did state just the
base WindowsXP/2003 arena. However you will have to customize any
checklist to accommodate to your environment. You may just want to utilize
the MS Security configurator MMC, and build your local GPOs, or if its AD
then you definitely need to identify current and project GPOs, and their
effects.
Definitely step back a bit and identify your footprint, Identify aspects
that are the easiest to recognize, start your outline with this. As you
secure each identified piece, you will gain the intimate knowledge of your
Network/system, adding additional information to your outline, hence
creating the moving checklist to assist in maintaining your Secured
environment and logs for the newcomer.
Most STIGs (Security Technical Implementation Guides) are well over
180pgs, with your requested checklists/steps to accomplish. But I've stuck
with simplicity over the years and referenced U.S NSA/IA/DISA STIGs.
CISecurity.org has a great benchmarking system. Their STIGs are based off
NSA/IA/DISA/CERT standards and have the normal "leveled" security approach
to accomplish over all security to environment details. These will have
your "Checklists" as well, you can easily develop a nice checklist based
off the Table of contents if you are in a hurry and feel quite confident
in the how-to aspect.
Brian Keogh <bwkeogh () gmail com>
Sent by: listbounce () securityfocus com
02/23/2009 04:19 PM
To
security-basics () securityfocus com
cc
Subject
Windows Secure Build Checklist
All,
I'm aware of various tools and peice-meal procedures regarding secure
build guidance for Windows XP/2003 Server/Desktop machines. Can
anyone please point me in the direction of a complete checklist with
regard to securing the listed operating systems. I'm really just
looking for a single document for someone to work from. A straight
forward checklist etc. inline with best practice.
Any help appreciated.
--
Best regards.
Brian Keogh
Information Security Specialist
bwkeogh () gmail com
Current thread:
- Windows Secure Build Checklist Brian Keogh (Feb 24)
- Re: Windows Secure Build Checklist Victor A. Abrahamsen (Feb 25)
- RE: Windows Secure Build Checklist Jason Hurst (Feb 25)
- Re: Windows Secure Build Checklist Nikhil Wagholikar (Feb 25)
- RE: Windows Secure Build Checklist Florian Sicking (Feb 25)
- RE: Windows Secure Build Checklist Jacob (Feb 26)
- Message not available
- Re: Windows Secure Build Checklist Brian Keogh (Feb 26)
- Re: Windows Secure Build Checklist Victor A. Abrahamsen (Feb 25)
- <Possible follow-ups>
- Re: Windows Secure Build Checklist rohnskii (Feb 25)
- Windows Secure Build Checklist David S (Feb 25)
- Re: Windows Secure Build Checklist jblanto5 (Feb 25)
- Re: Windows Secure Build Checklist Noah . Lance (Feb 25)
- Re: Windows Secure Build Checklist jfvanmeter (Feb 26)
- Re: Windows Secure Build Checklist Mike Devlin (Feb 26)
- Re: Windows Secure Build Checklist jfvanmeter (Feb 26)