We also utilize the DISA Gold Disk hereabouts...
and of course, we all concur with the previous writers, Sgt. Morris and
Paul.

While the DISA Gold Disk is indeed Outstanding and Extremely Useful as a
Reference tool and Fully Functional in terms of it's ability to read the
.infs to perform the 'lock-downs' it also Pays to Read the STIGs.

Automation is certainly what we strive for, however, without human
interaction on part of an Engineer, or an Examiner, what have you, we become
too reliant on tools that may be compromised, themselves. Don't take this as
a Luddite's view, just apply Common Sense to the effort, as noted by the
previous writers.
---
Marc Handelman

> From: Morris Sgt Derek P <derek.p.morris (at) usmc (dot) mil [email concealed]>
> Date: Tue, 13 May 2008 13:37:14 -0700
> To: <focus-ms (at) securityfocus (dot) com [email concealed]>
> Subject: RE: XP Hardening
> Resent-From: <focus-ms-return-10064 (at) securityfocus (dot) com [email concealed]>
> Resent-Date: Tue, 13 May 2008 14:01:39 -0600 (MDT)
>
>
> I'll second the DISA Gold Disk option for hardening systems, but like Paul
> said, check EVERY OPTION before you do it. I guarantee (from personal
> experience) that it will break your system if you just do it to the default
> level. It is however an outstanding tool.
>
> Sgt Morris
> USMC
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
> Behalf Of techlists (at) comcast (dot) net [email concealed]
> Sent: Tuesday, May 13, 2008 11:35
> To: focus-ms (at) securityfocus (dot) com [email concealed]
> Subject: Re: XP Hardening
>
>
> -------------- Original message ----------------------
> From: maash.rajani (at) gmail (dot) com [email concealed]
>> Can anyone direct me to some resources explaining hardening procedures
>> for windows XP.
>
> The US Defense Department puts their hardening guide online. They have an
> automated tool called the Gold Disk that can scan your system and generate a
> report of vulnerabilities it finds. The Gold Disk can also apply most of the
> settings automatically.
>
> A strong warning however - applying the Gold Disk settings wholesale is
> guaranteed to cause you problems.
>
> It is far better to selectively choose the settings you want to apply - you
> don't need to apply everything. On a default system, it'll find over 100
> different settings that it recommends changing.
>
> Paul
>
> This is a download link for the latest Gold Disk ISO image -
>
> http://iase.disa.mil/stigs/SRR/gdv2_cd1_engine_03_25_2008.iso
0?× *?H?÷

 ?È0?Ä

10 +0 *?H?÷


 ?
&0?R0?: 
6?
/ÓôG%Q:ðíò2¡k0
 *?H?÷


0Ý10 UUS10U
VeriSign, Inc.10UVeriSign Trust Network1;09U2Terms of use at https://www.verisign.com/rpa (c)0510UPersona Not Validated1705U.VeriSign Class 1 Individual Subscriber CA - G20
080202000000Z
090201235959Z0?
10U
VeriSign, Inc.10UVeriSign Trust Network1F0DU=www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)9810UPersona Not Validated1301U*Digital ID Class 1 - Netscape Full Service10UMarc Handelman1)0' *?H?÷


mhandelman (at) infosecurity (dot) us0 [email concealed]?
"0
 *?H?÷



?
0?

?

ËÆ6Î?NñÝ[©Üï?ýç,Ø?eZ}+?;S«SN»;??RÅ~LO"8q
yçÌ$ìø±á/¿Ú@£
))
ÚC??ÔäG¹ûZhãÇ°+XÁ×ÙîE
j?É¢?ë¤kP)*q3ÂÙw¢/?Ö4Ì?/´Î?Ò±QçÕ½ix9Ù?î
°Þ?dª?d;jP¦?Z9¦??VX<E
>ÂW½Ñ[ò ù÷×bgn®Ù®Uôì ´(µqÊÍ?jPñp»Öß%^µ×¢ü?"kFÚõ¹ °H¥ù5¦ò"Két,¸la´¹,¸ÝzÄ?Ï7Ձª¸¢aÖªôG

£Ì0É0 U00DU =0;09`?H
?øE
0*0(+

https://www.verisign.com/rpa0U
 0U%0+
+
0JUC0A0? = ;?9http://IndC1Digita
lID-crl.verisign.com/IndC1DigitalID.crl0
 *?H?÷


?

?Âñ?D?yøl&3®KÉÂtõæ?
lÞXý ­E§^ed?®|;¥ä*UÞzû?FêÏ]mÉ[gàÄÚËÁq?äH_Ú¯Õ^kcÀ<÷²MñYÞÉw1Ö_;Èã±n?@´ÑR/
Ê°*%|U½yÃC?Ùç¾öjÌY?/\¯pD?ÀA<¼O^µu7X:U¬{·?Ëø|i Õ??íÛÑÞc5P£Í`B9Õjd6ôÈE«vÛA¢¬?G?[ßï~ô~ιfé<?¾TÇä?JöEÓ®gQÚv?/w¡?áÚ)ºEcÏd?'"?§²þe@ºéHøä?Ѥ £#ö¦0?Ì0?5 
®k?ôæ/"?£Út
al0
 *?H?÷


0_10 UUS10U
VeriSign, Inc.1705U.Class 1 Public Primary Certification Authority0
051028000000Z
151027235959Z0Ý10 UUS10U
VeriSign, Inc.10UVeriSign Trust Network1;09U2Terms of use at https://www.verisign.com/rpa (c)0510UPersona Not Validated1705U.VeriSign Class 1 Individual Subscriber CA - G20?
"0
 *?H?÷



?
0?

?

É߬çêøøÄ?ÕÁ~6Â<ï|rËÀ«?=?Îo,?í?&æ¶Çæ­C?¤?GGL>TøløÇü±?½0p¼?±ê
?ñ­@ÅDzK¢ò`ü×:ebïÿ{¢V»ÅNp-Ö¢<í°Bè^W!¬¦?ÙéÒÀtGBüÅ4êýæº$Ñ7¢×sÏ

A/c²:?¾¥nôÉJ[=?¦»5ùÔ／qvY»K¶>ÖüZôÖ?òIþlíéÙ?u?yÎ`'ݹ­uÎ/s?z@:?uI°¸ßh¼«Í??P£à<®À
SÍ×0o?2FäIÂlâ¯yÿÛ´µ

£?
?0?
?0U

ÿ0

ÿ
0DU =0;09`?H
?øE

0*0(+

https://www.verisign.com/rpa0U

0 `?H
?øB


0.U'0%¤#0!10UPrivateLabel3-2048-1550U
}^}<ßjlÖ¢??1Ø;?R01U*0(0& $ "? http://crl.verisign.com/pca1.crl0U#z0x¡c¤a0_10 UUS10U
VeriSign, Inc.1705U.Class 1 Public Primary Certification Authority?ͺVðßä¼Tþ"¬³rªU0
 *?H?÷


±/Ù?á?¢î`åÈ* ûág,Ö?S£éKøD?F÷ú þÓ£Ò¿ìÖ?JMCøÊ»¾?IÝ!s3WÂBZ¾ú?²æ1?N]<ðs7cë¿?
Y?ýfÞé?2??)<:®TÚ¦Q±ÈÊÓGxæÛ¥?ãÑÀÂ!öº1?y0?u

0ò0Ý10 UUS10U
VeriSign, Inc.10UVeriSign Trust Network1;09U2Terms of use at https://www.verisign.com/rpa (c)0510UPersona Not Validated1705U.VeriSign Class 1 Individual Subscriber CA - G26?
/ÓôG%Q:ðíò2¡k0 + ]0# *?H?÷

1öËNkïWÐYqå8Æ>vÓÉÉ0 *?H?÷

1 *?H?÷


0 *?H?÷

1
080513223653Z0
 *?H?÷



?
M-¯ábzÞÈz>æ~AÞÄ!"*åØ«>æ
ª«vÚß4(Ð_÷2¼£?þÓ9?AñÝÊOÙǪÔM?¶ml?:1\?-yT®??]8
ã\n7
æì'Ñü÷çuäã¬ÌG£sj?+aç¥Í;æg?'¦Õ£?ÝGºbóe¯nÞnª<(@G_äW¼e0k¬/Ëò?;Â<!Ä6¯
eaøÂmÎzhv?
pÝ??>×OHTz}s"jn˯?RtXÔtûC^?¤ÅñYF¾ ´ùi?"¡ï?3|ÂÞªyØ0?Í?lH°Ý÷?d´Y?àúÑcm?ë?
dgB

[ reply ]