Security Basics mailing list archives

Re: Server hardening


From: aaaa () bbbb com
Date: Tue, 24 Mar 2009 20:26:14 -0600

You say you understand but you don't follow through.  If you really understood you would have at least given us some 
basic information to allow us to help you.

What OS (Win Nix ...)?  What version of the OS (Server 2000, 2003, 2008)?  What is the function of the Server (Email, 
Web, Internal access only, External Access)? Just to name the most basic questions.

We can throw references at you, at random, but it would be much easier for you and everyone if you would answer those 
questions.

In the meantime here are a few guesses at what you might be looking for:

http://dl.scriptlogic.com/landing/security-explorer/security-explorer-ebook.aspx - Securing Win in the Enterprise (210 
pages, not a checklist, but provides lots of info you can select from to create your own checklist)

http://searchwindowssecurity.stage.techtarget.com/tip/0,289483,sid45_gci1232800,00.html - Harden your file servers with 
Windows wizard tool (The Security Configuration Wizard (SCW), part of Windows Server 2003 Service Pack 1 and Windows 
Server 2003 R2, is an easy way to automate the rollout of a consistent file server security policy.)

http://technet.microsoft.com/en-ca/library/cc751389.aspx - Windows 2000 Server Baseline Security Checklist.  M$ has 
about 20 other similar checklists at the same location.  It is an "archive" so it is mostly for older software 
versions, but, you still can use them as starting points of a customized checklist for newer versions of the same 
software.

http://www.whitehats.ca/downloads/cerberus/hardening_windows_2000_server.pdf - Hardening Windows 2000 Server - this is 
a checklist you can work from

downloads.techrepublic.com.com/abstract.aspx?docid=172737 - Windows Server 2003 Lock it down in 10 steps.  Be 
sure to search more at this site, they have lots of good stuff that will probably answer your need

searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1153466,00.html - Top 10 services to lock down 
on Windows Server 2003.  This is another site worth searching for other specific tips, checklists

http://www.windowsecurity.com/articles/Top-5-Security-Settings-Audit.html - Top 5 Security Settings to Audit
