Educause Security Discussion mailing list archives

Re: Security Checklists or Scripts

From: Anthony Maszeroski <maszeroskia3 () SCRANTON EDU>
Date: Fri, 16 Jan 2009 10:39:07 -0500

We've used the CIS benchmarks as well. Someday I'd like to get to a more
formalized certification and accreditation process. In the meantime, I'm
hoping to publish recommended baseline security standards.

Holland II, Richard H wrote:

On 1/15/09 2:09 PM, "Brenda B Gombosky" <brenda.gombosky () LOUISVILLE EDU>
wrote:

    I am interested in what others are using to check security of new
    servers being placed in production -  Windows, Linux etc.  Are you
    using scripts or checklists?  Thanks in advance!


    Brenda B. Gombosky, CISSP, CISM, CHSP
    Director, Enterprise Security
    Information Technology
    University of Louisville
    Miller IT Center, Room 109
    Louisville, KY 40292
    (502)852-5037
    (502)419-6689


We use the CIS Benchmarks scripts. They work really well and cover many
of the OSes that we run. They provide pdf documents as well as script
scoring tools.

http://www.cisecurity.org/


--
Rick Holland
rick {dot} holland {at} utdallas {dot} edu
Senior Information Security Analyst
The University of Texas at Dallas


--
- Anthony Maszeroski, CCNA
-----------------------------------
Information Security Manager
The University of Scranton
email : maszeroskia3 () scranton edu
phone : 570-941-4226
-----------------------------------

Current thread:

Security Checklists or Scripts Brenda B Gombosky (Jan 15)
- <Possible follow-ups>
- Re: Security Checklists or Scripts Sarazen, Daniel (Jan 15)
- Re: Security Checklists or Scripts Holland II, Richard H (Jan 15)
- Re: Security Checklists or Scripts Anthony Maszeroski (Jan 16)