Re: Windows NT

[David LeBlanc <dleblanc () mindspring com>]

At 08:48 PM 3/1/99 -0500, Scot Anderson wrote:
> Does anybody have a good reference for specific measures to "lock up" a
> Windows NT installation?  I understand that this may be considered an
> oxymoron, but I know there are some things that are a good idea to do
> with it in order to close some of the more obvious holes.

What are you using it for?  A kiosk and a web server have vastly different
requirements.  One good place to start is Steve Sutton's NSA paper at
www.trustedsystems.com.  Another good resource would be to take a look at
what the various security scanners check for - I work for ISS, and so am
biased toward the tool I helped build.

You may also want to subscribe to the various NT security mailing lists -
there is one sponsored by ISS, and you can join it by sending a subscribe
message to majordomo () iss net.  Two others that are very good and useful are
Russ Cooper's lists - see http://www.ntbugtraq.com.

Since you're asking a very general question, you may also want to go get
some books - Steve Sutton's book is good, as is Mark Edward's.  If you're
working with IIS, the IIS Resource Kit, chapter 8 is excellent.


David LeBlanc
dleblanc () mindspring com