Focus on Microsoft
Re: XP Hardening May 13 2008 06:34PM
techlists comcast net (2 replies)
RE: XP Hardening May 13 2008 08:37PM
Morris Sgt Derek P (derek p morris usmc mil) (1 replies)

I'll second the DISA Gold Disk option for hardening systems, but like Paul
said, check EVERY OPTION before you do it. I guarantee (from personal
experience) that it will break your system if you just do it to the default
level. It is however an outstanding tool.

Sgt Morris
USMC
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of techlists (at) comcast (dot) net [email concealed]
Sent: Tuesday, May 13, 2008 11:35
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Re: XP Hardening

-------------- Original message ----------------------
From: maash.rajani (at) gmail (dot) com [email concealed]
> Can anyone direct me to some resources explaining hardening procedures
> for windows XP.

The US Defense Department puts their hardening guide online. They have an
automated tool called the Gold Disk that can scan your system and generate a
report of vulnerabilities it finds. The Gold Disk can also apply most of the
settings automatically.

A strong warning however - applying the Gold Disk settings wholesale is
guaranteed to cause you problems.

It is far better to selectively choose the settings you want to apply - you
don't need to apply everything. On a default system, it'll find over 100
different settings that it recommends changing.

Paul

This is a download link for the latest Gold Disk ISO image -

http://iase.disa.mil/stigs/SRR/gdv2_cd1_engine_03_25_2008.iso
0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?o0?p0?X 0
 *?H?÷
0[1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10U
DoD Root CA 20
041213150010Z
291205150010Z0[1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10U
DoD Root CA 20?"0
 *?H?÷
?0?
?À,Áö;¬ÿ?<Öq¾¸t"ìpAü«@ãªÁÃØ?þÚL:¿?ÈØ({K6À¬E%ÃÒ
?d=p*o?×܍?³A8!Í­«Â=*ÓW7
Í?Qù?ãÌFI!?´ÍË>8Ír1î«òeê4.V]ÿîcuËmº?4ü?óô-¾PÄBßY?ÿj³ú¨l=ËVqq?»??å?E
YgA°ëí`¤?u?ôCà?ûõ³Ì²?±ý2Á¸¾A¤dµ`:ZQ0?ÎÞA,G\Id¹t©?A¯}nºÁ¸¡¿e1:
gùµ»???c¸±æ?8_?ÿPÕ;¢]k²Ìc£?0=0UIt» ^ºzþTï{ Æ?Æ ?p?0 U?0Uÿ0ÿ0
 *?H?÷
?????È»õÀis);5¬º³v=p ?é?D!}vîQl7-{1iô?D¸¯FÌ4ú#Ë'Ò?!u+çà?&Ü?@?è¨ÒÌöX\fï?J??º
¢Ý[+§dNë.5¤´?­UäÕs¨i?ñ?ò1o@Ôøx??? opfª+Îáz?µ}áàÑ?ç¡:-̱Dí??Ó
Mp9Á å~Ùñ¯× ñ"z%¤s?Ì?¤'?¨¢?í?¹Ó? ?ÂÁò?õbßhßǼiQí±\ÜTT) 9?¬ÁÛ M®o
zIñ¿?Ò8?Óö?,·lÉB¶Ê?Ù0?50?? l0
 *?H?÷
0]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-120
060926000000Z
090924235959Z0y1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI1
0 U USMC1%0#UMORRIS.DEREK.PAUL.12335636210?0
 *?H?÷
0?Â(¶[9ÞÉ·À¨bSû2Ã?øÖZsгQpý<¶T¡?
æ¢0h¼n¡×'Îèã}¿3Ó!~È???b?7Îĵ¾t?aÐo/ÜM/ ËmZ:¼my_­D5½ñ¸`?(Xæ(Á¹Ð+j ¼FfÁWGù?0ï?Æ?×âHô?£?å0?á0Uÿ 0"U0derek.p.morris (at) usmc (dot) mil0 [email concealed]U#0?ÕÃ)? wÜ(NwOÿécA30
Uy8;¨.TlÊ º?¦{¸ZùR±0U 0
0  `?He 0s+g0e0A+0?5http://crl.chamb.disa.mil/getsign?DOD%20EM
AIL%20CA-120 +0?http://ocsp.disa.mil0ÝUÕ0Ò0: 8 6?4http://crl.chamb.d
isa.mil/getcrl?DOD%20EMAIL%20CA-120?  ??ldap://crl.chamb.disa.mil/
cn%3dDOD%20EMAIL%20CA-12%2cou%3dPKI%2cou%3dDoD%2co%3dU.S.%20Government%2
cc%3dUS?certificaterevocationlist;binary0
 *?H?÷
·{iÛ?Ë?
BxmØí?5âÓ\~åiÂ?ú¦ß?¡Ó?\¦?IÅß4§??7ÝÕn?ëo§cl2op¬òù9×¾lÓïâAM¼?g?©
øQXÚ?#<Å´?ç.²;¹Jé?0ËUo?K*:"ÉÚ2?ü °?ÄôÅ?ŪÒe40?:0?"  0
 *?H?÷
0[1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10U
DoD Root CA 20
060109135445Z
120108135445Z0]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-120?0
 *?H?÷
0?ã"¦î?¢¤ÑF{RCV¦{ð´êSTÏ+lj-~Ä?*¸²ËcF©?É)ÿ y]òNÙÊäZ³@@ÝÿEÔ
ÔNZ?"Úó?¸éi?7¢ª¬C??jZQü?ëRåM±?õ]÷Ú¼Vå?b?Z!·K×?b?Õ??Êð@tZ_F¼m
£??0??0Uÿ?0U#0?It» ^ºzþTï{ Æ?Æ ?p?0UÕÃ)? wÜ(NwOÿécA30 U$0?0Uÿ0ÿ00U )0'0  `?He 0  `?He 0  `?He
0áUÙ0Ö0: 8 6?4http://crl.chamb.disa.mil/getcrl?DoD%20Root%20CA%2
020? ? ???ldap://crl.chamb.disa.mil/cn%3dDoD%20Root%20CA%202%2cou%3d
PKI%2cou%3dDoD%2co%3dU.S.%20Government%2cc%3dUS%3fcertificaterevocationl
ist%3bbinary0
 *?H?÷
?*
wå?úä?Ím¨]??
?ÍСOTm¾k?î!_³4Db?ÂÞ´ ?0F?¾x½aHrè&P?f?è"ñKÿ-ëå???¥/Ý{W¶`²|g ]Χ8Ô¨äÞÆ=²??÷jÅX?Rᨍµ²
G?x2Ã;ú,@¢Irße»õ¬?mÚ??3GÑI?NÄ×8 ¤õîaJÞ?ÁÒö?Þ?Ýä?ÔøO¤<(®ÞF3ICC­
'¦A·?fèo$á-º¹aÜC|-òCzTós?¡?2Ü)W.[?sZ?ôcëcÎf@ä)ß×?Þgz¿?ÐÇ·è0??
0?é S0
 *?H?÷
0]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-120
060926000000Z
090924235959Z0y1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI1
0 U USMC1%0#UMORRIS.DEREK.PAUL.12335636210?0
 *?H?÷
0?ª³/Ü-×Åx#Ã_u$?³»I[Ô¹F?{?Åfyç·6PÜÌã?)q????1å¥?òÂZRé?
ós^Ö,Ésì
âJ?~#GÜ®S©+±Dn¼´Ô÷B«êbÖÃ×ø??¤êÓ¨ú?ðS¬?ýÜÙ¾²NFH«0e£?00?,0
UÿÀ0U#0?ÕÃ)? wÜ(NwOÿécA30U={ç ÊÅaÊ"/?Nn2ÀZ0U 0
0  `?He 0s+g0e0A+0?5http://crl.chamb.disa.mil/getsign?DOD%20EM
AIL%20CA-120 +0?http://ocsp.disa.mil0ÝUÕ0Ò0: 8 6?4http://crl.chamb.d
isa.mil/getcrl?DOD%20EMAIL%20CA-120?  ??ldap://crl.chamb.disa.mil/
cn%3dDOD%20EMAIL%20CA-12%2cou%3dPKI%2cou%3dDoD%2co%3dU.S.%20Government%2
cc%3dUS?certificaterevocationlist;binary0)U%"0 
+?7++0BU;09derek.p.morris (at) usmc (dot) mil [email concealed] 
+?7  1233563621@mil0
 *?H?÷
®x-]+¥Ø¨Z¹'ǤÒC8ÔhÉC??s-PæýUÍýw ºH;T6c´bòP¤µÉp¸ÙuP0ås+Þ\¾?)°?¨´ ?}FÖIY?É"^ë^?²§sNÞK ÐÝ-Ë)iN??º?¨?õbu ³ïah÷4TqÖãßVÇ1?±0?­0d0
]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-12S0 + ?£0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
080513203712Z0# *?H?÷
 1~?3S§.d«m?Ö
*úC\Ê10X *?H?÷
 1K0I0
*?H?÷
0*?H?÷
?0+0
*?H?÷
(0+0
*?H?÷
0s +?71f0d0]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-12l0u *?H?÷
  1f d0]1 0 UUS10U
U.S. Government1 0
U DoD1 0
U PKI10UDOD EMAIL CA-12l0
 *?H?÷
?ue¸¥%'1?ûE
°?>¯ó?Fw? n\øÕ»ÑØѪt©áJ°%qhdIó&"2ÛÄý[|lx*YKçÒv«w µª?s?PþÕ¨1Ó7??-)÷µ)öí|-?÷ӁFTþä?ï_F?{s!æ aóxD?ÕV3Ò®Ìß·Æ

[ reply ]
Re: XP Hardening May 13 2008 10:36PM
Marc Handelman (mhandelman infosecurity us) (1 replies)
RE: XP Hardening May 14 2008 03:10AM
dave kleiman (dave davekleiman com)
RE: XP Hardening May 13 2008 08:01PM
Kevin Hegg (kevinhegg moturion com)


 

Privacy Statement
Copyright 2010, SecurityFocus