Security Basics mailing list archives

Re: Windows Secure Build Checklist


From: rohnskii () gmail com
Date: Wed, 25 Feb 2009 00:30:59 -0700

"All" in one checklist, good luck. Security is a huge topic. There are lots of tips and checklists out there, but in the 
end you are going to have to rummage through them and build your own checklist.  Here is a small sample of my 
"collection" of "hardening" tips and some articles for you to check out on a wide range of topics:

http://www.cisecurity.org/benchmarks.html - Center for Internet Security Benchmarks and Scoring Tools

http://www.djack.com.pl/download/secure/DGSWEFinal.pdf - Securing Win in the Enterprise (210 pgs)

http://www.microsoft.com/downloads/details.aspx?FamilyID=fb8b981f-227c-4af6-a44b-b115696a80ac&DisplayLang=en  - Windows 
Server 2008 Security Guide - this is a big one, from the "horse's mouth" 

http://www.microsoft.com/downloads/info.aspx?na=47&p=2&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3d8A2643C1-0685-4D89-B655-521EA6C7B4DB%26displaylang%3den
 - Windows Server 2003 Security Guide

http://www.microsoft.com/downloads/info.aspx?na=47&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3d2D3E25BC-F434-4CC6-A5A7-09A8A229F118%26displaylang%3den
 - Windows XP Security Guide

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1331487,00.html - The 10 most common Windows 
security vulnerabilities

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1337883,00.html - A Windows security checklist for 
IT managers

http://technet.microsoft.com/en-ca/library/dd366061.aspx - This MS page has links to many checklists that might fit 
your request

http://www.windowsecurity.com/articles/Unique-Group-Policy-Security-Settings.html - Unique Group Policy Security 
Settings  (search this site for more stuff, it is really good)

http://www.windowsecurity.com/articles/Understanding-Roles-Server-2003-Security-Policies.html - although this isn't one 
of the versions you asked about, the general concepts apply

http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_be_protected_from_infected_usb_flash_drives - granted 
this is only one specific major point in a checklist, just want to make sure you have it

http://cyberforge.com/weblog/aniltj/archive/2003/11/20/183.aspx - Win XP: surviving the first day, intended for home 
users, but you might find something useful, especially the links at the end.

http://www.windowsitlibrary.com/Content/1783/04/toc.html - Securing the Network Mgmt process (book)

http://www.windowsecurity.com/articles/Reducing-Attack-Surface-Administrator-Account.html

http://articles.techrepublic.com.com/5100-10878_11-6078514.html - Explore the Security Configuration Wizard in Windows 
2003 Server

http://techrepublic.com.com/5206-10878-0.html?forumID=102&threadID=223902&start=0 - Lock down the BIOS to defend 
against rogue users

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008.html

http://www.windowsecurity.com/articles/Configuring-Granular-Password-Settings-Windows-Server-2008-Part-1.html

http://articles.techrepublic.com.com/5100-10878_11-6059618.html - 10 things you should know about working with NTFS 
permissions

http://www.microsoft.com/downloads/details.aspx?FamilyID=1b6acf93-147a-4481-9346-f93a4081eea8&displaylang=en - Threats 
and Countermeasures Guide server 2003 & XP

http://technet.microsoft.com/en-us/library/dd349791.aspx - Threats and Countermeasures Guide: Security Settings in 
Windows Server 2008 and Windows Vista

http://www.microsoft.com/downloads/details.aspx?FamilyID=5534bee1-3cad-4bf0-b92b-a8e545573a3e&displaylang=en - Security 
Compliance Management Toolkit Series, check bottom for links to kits specific to: All, office 2007, Server 2003/2008, 
Vista, XP

http://www.microsoft.com/downloads/details.aspx?familyid=95A85136-F08F-4B20-942F-DC9CE56BCD1A&displaylang=en - The 
Security Monitoring and Attack Detection Planning Guide

http://searchenterprisedesktop.techtarget.com/tip/0,289483,sid192_gci1126483,00.html - Locking down services on XP 
client workstations ***** this is definitely one you'll want to use

http://www.windowsecurity.com/articles/Increasing-Security-Limited-User-Accounts-Restricted-Groups.html 

http://www.windowsecurity.com/articles/How-Nest-Users-Groups-Permissions.html

http://antivirus.about.com/od/securitytips/ht/ie6dep.htm - How to enable DEP in Internet Explorer 6 (there is also a 
version for IE 7)

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9026940 - How to make Windows XP last 
for the next seven years.  There are some good tips in here; I would skip the eye candy since a typical "older" XP pc 
would not have the CPU/GPU to support the unnecessary visual frills.

http://downloads.techrepublic.com.com/abstract.aspx?docid=304246 - How do I secure M$ Win XP Pro

http://antivirus.about.com/od/securitytips/ss/hosts.htm?nl=1 - Protecting the HOSTS file – Using Spybot Search & 
Destroy.  There are other ways of protecting HOSTS.

http://ist.uwaterloo.ca/security/howto/2002-03-15/ - Windows NT/2000/XP Hardening, University of Waterloo (I've got a 
pdf version of this doc/site)

http://windows.uwaterloo.ca/Managed/LocalCHGs/ACPC_Manual.htm - How to Configure Your PC to Academic Support Standards. 
Here is an example of a checklist that includes the settings in the link above and a link at the bottom to a printer 
friendly version.

http://www.pcworld.com/article/111121/windows_tips_supercharge_windows_by_paring_unneeded_services.html

http://www.microsoft.com/downloads/info.aspx?na=47&p=4&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=fb8b981f-227c-4af6-a44b-b115696a80ac&u=details.aspx%3ffamilyid%3dA3D1BBED-7F35-4E72-BFB5-B84A526C1565%26displaylang%3den
 - Windows Vista Security Guide

http://www.beyondtrust.com/documentation/whitePapers/WP-Building%20a%20Secure%20and%20Compliant%20Windows%20Desktop.pdf 
- Building a Secure & Compliant Win (Vista) desktop.  A starting point only
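Added example, not part of rohnskii's post: the thread's advice is to build your own checklist, so here is the skeleton of one as a PowerShell audit that covers a few of the items linked above (the AutoRun item, the Guest/limited-account items, and the "locking down services" item). It is written for Windows PowerShell 2.0 and later so it runs on the XP/2003/Vista/2008 hosts the thread is about; run it elevated. The registry paths and values are Microsoft's documented AutoRun controls plus the Autorun.inf IniFileMapping trick the Computerworld link describes; the list of services to disable is an assumption and will differ for your environment (Remote Registry, for one, is needed on some servers). -Fix applies the remediation for each failed check and re-tests.

```powershell
# Added example (not from the original post): a small "build your own checklist"
# audit.  Targets Windows PowerShell 2.0+; run elevated.  -Fix remediates failures.
param([switch]$Fix)

# Microsoft's documented AutoRun policy value (0xFF = no AutoRun on any drive type)
# and the Autorun.inf -> nonexistent-file mapping from the Computerworld link.
$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AutorunInfMap  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$DisabledServices = @('RemoteRegistry', 'TlntSvr')   # assumption: replace with your own list

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    if (-not (Test-Path $Path)) { return $null }
    return (Get-Item $Path).GetValue($Name)        # '' as $Name reads the (Default) value
}

function Set-RegValue([string]$Path, [string]$Name, $Value, [string]$Type) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

function Test-ServiceDisabled([string]$Name) {
    # Win32_Service.StartMode is available on every PowerShell version; Get-Service's
    # StartType property is not.
    $svc = Get-WmiObject Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { return $true }                 # not installed: nothing to start
    return ($svc.StartMode -eq 'Disabled')
}

function Test-GuestDisabled {
    # LocalAccount=True keeps WMI from walking the whole domain.
    $guest = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='Guest'"
    if (-not $guest) { return $true }
    return [bool]$guest.Disabled
}

# Each check: a Test scriptblock returning $true/$false and a Fix scriptblock.
$checks = @(
    @{ Name = 'AutoRun disabled for all drive types (NoDriveTypeAutoRun = 0xFF)'
       Test = { (Get-RegValue $ExplorerPolicy 'NoDriveTypeAutoRun') -eq 0xFF }
       Fix  = { Set-RegValue $ExplorerPolicy 'NoDriveTypeAutoRun' 0xFF 'DWord' } },
    # Older XP/2003 builds ignored NoDriveTypeAutoRun until a later Microsoft update,
    # so the Autorun.inf mapping is kept as a second layer.
    @{ Name = 'Autorun.inf mapped to a nonexistent file (@SYS:DoesNotExist)'
       Test = { (Get-RegValue $AutorunInfMap '') -eq '@SYS:DoesNotExist' }
       Fix  = { Set-RegValue $AutorunInfMap '(default)' '@SYS:DoesNotExist' 'String' } },
    @{ Name = 'Built-in Guest account disabled'
       Test = { Test-GuestDisabled }
       Fix  = { net user Guest /active:no | Out-Null } }
)
foreach ($s in $DisabledServices) {
    # GetNewClosure() captures the current $s for each scriptblock.
    $checks += @{ Name = "Service '$s' disabled"
                  Test = { Test-ServiceDisabled $s }.GetNewClosure()
                  Fix  = { Stop-Service $s -Force -ErrorAction SilentlyContinue
                           Set-Service $s -StartupType Disabled }.GetNewClosure() }
}

$open = 0
foreach ($c in $checks) {
    $ok = & $c.Test
    if (-not $ok -and $Fix) { & $c.Fix; $ok = & $c.Test }
    if ($ok) { $tag = 'PASS' } else { $tag = 'FAIL'; $open++ }
    Write-Output ("{0}  {1}" -f $tag, $c.Name)
}
Write-Output "$open item(s) still open"
exit $open          # non-zero exit code lets a build or login script notice failures
```

Run it once without -Fix to see where a box stands, then with -Fix on a test machine before rolling it into a build script; add one entry to $checks per item you pull out of the guides above (password policy, NTFS permissions, DEP, and so on) and the script becomes the checklist.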

