Focus on Microsoft
Blessed Windows Security Templates Dec 12 2003 02:07AM RUSecure (rusecure earthlink net) (3 replies)
RE: Blessed Windows Security Templates Dec 12 2003 05:58PM Jannie Hanekom (j_hanekom hotmail com) (1 replies)
You might find http://www.securit-e-doc.com/products/securitelok.asp of
use.
It has templates for all types of NT/2000 servers. It is not very
expensive, and works well.
_______________________________
Dave Kleiman, CISSP, MCSE, CIFI
dave (at) isecureu (dot) com
www.SecurityBreachResponse.com
"High achievement always takes place in the framework of high expectation."
Jack Kinder
-----Original Message-----
From: RUSecure [mailto:rusecure (at) earthlink (dot) net]
Sent: Thursday, December 11, 2003 21:07
To: focus-ms (at) securityfocus (dot) com
Subject: Blessed Windows Security Templates
Hello all,
I have a special request from a client.
My client is looking for anyone who will help bless the use of ANY security
Template with use for Windows 2000 and a similar configuration as I will
describe below. They would love to actually talk to someone as well if
possible.
I am on an SAP ITS Web front end engagement, so you can see why I am
recommending they seriously harden their front-end and back-end Windows
servers.
So here is the configuration.
Win2K SP4 running IIS 5.0.
SAP ITS Wgate on the front end
SAP Agate on the backend
I have NOT hardened anything yet... And desperately want to, using something
the client can repeatedly reproduce for use within their organization.
I am recommending they use a Commercial tool, but that will take time, so
MMC and templates for now.
I am suggesting they use one of the Center for Internet Security Templates
(CIS - www.cisecurity.org) which are the NIST and NSA templates for the
Wgate servers in the DMZ, Agate servers as well.
I want them to have the ability of checking the systems using the CIS tool
and have some level of hardening. I also suggest, since they do not use any
security templates on standalone or through AD, that they need to move in
this direction for repeatability and basic security worthiness. They can use
MMC to manage and apply these templates and command line it for reproduction
and compliance.
So has ANYONE used ANY template on a configuration similar to the one I
listed? It does NOT have to be SAP as any basic WEB front end using
IISLockDown with a Static Web server and NOTHING else required except
Insight Manager and SNMP and PcAnywhere.
I recommended the following templates:
Win2KSrvGold_r1.0.1.inf
Or
HISECWEB replacement Web_Secure.INF
Or what comes with Win2K out of the box
Hisecws.inf.
Need I say the lack of use of hardened servers is of great concern and they
would desire to find someone that is actually using some "template.inf" to
secure their environment.
These servers are going on the Internet... !!!!!!!
H E L P !
Cheers,
MG
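
Before applying any of the candidate templates named in the message above, it helps to see exactly which settings each one changes relative to what is already in place. The Python below is an added example, not part of the original thread: the function names are hypothetical, and the two template bodies are constructed samples, not the contents of Win2KSrvGold_r1.0.1.inf, Web_Secure.INF or hisecws.inf.

```python
"""Diff two Windows security templates (.inf) setting by setting."""
import configparser

MISSING = "<not defined>"          # marker for a setting absent from one template
HEADER_SECTIONS = {"Unicode", "Version"}   # file metadata, not policy

def load_template(text):
    """Parse security-template INF text into {section: {setting: value}}."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True,
        delimiters=("=",), comment_prefixes=(";",))
    parser.optionxform = str       # keep registry paths and setting names as written
    parser.read_string(text)
    return {s: dict(parser.items(s)) for s in parser.sections()
            if s not in HEADER_SECTIONS}

def diff_templates(baseline, candidate):
    """Return sorted (section, setting, baseline_value, candidate_value) tuples."""
    changes = []
    for section in sorted(set(baseline) | set(candidate)):
        old, new = baseline.get(section, {}), candidate.get(section, {})
        for key in sorted(set(old) | set(new)):
            before, after = old.get(key, MISSING), new.get(key, MISSING)
            if before != after:
                changes.append((section, key, before, after))
    return changes

# Constructed sample: settings as exported from an unhardened server.
BASELINE_INF = r"""
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
[Event Audit]
AuditLogonEvents = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,0
"""
# Constructed sample: a hardening template under evaluation.
CANDIDATE_INF = BASELINE_INF.replace(" = 0", " = 3").replace("=4,0", "=4,5") \
    .replace("MinimumPasswordLength = 3", "MinimumPasswordLength = 8") \
    .replace("LockoutBadCount = 3", "LockoutBadCount = 5") \
    .replace("[Registry Values]", "AuditPolicyChange = 3\n[Registry Values]")

if __name__ == "__main__":
    changes = diff_templates(load_template(BASELINE_INF), load_template(CANDIDATE_INF))
    for section, key, before, after in changes:
        print(f"[{section}] {key}: {before} -> {after}")
```

Template files on disk are often saved as UTF-16, so decode them accordingly before passing the text to `load_template`.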