Focus on Microsoft
Re: XP Hardening May 13 2008 06:34PM
techlists comcast net (2 replies)
RE: XP Hardening May 13 2008 08:37PM
Morris Sgt Derek P (derek p morris usmc mil) (1 replies)
Re: XP Hardening May 13 2008 10:36PM
Marc Handelman (mhandelman infosecurity us) (1 replies)
We also utilize the DISA Gold Disk hereabouts...
and of course, we all concur with the previous writers, Sgt. Morris and
Paul.

While the DISA Gold Disk is indeed Outstanding and Extremely Useful as a
Reference tool and Fully Functional in terms of its ability to read the
.infs to perform the 'lock-downs', it also Pays to Read the STIGs.

Automation is certainly what we strive for, however, without human
interaction on the part of an Engineer, or an Examiner, what have you, we become
too reliant on tools that may be compromised, themselves. Don't take this as
a Luddite's view, just apply Common Sense to the effort, as noted by the
previous writers.
---
Marc Handelman

> From: Morris Sgt Derek P <derek.p.morris (at) usmc (dot) mil>
> Date: Tue, 13 May 2008 13:37:14 -0700
> To: <focus-ms (at) securityfocus (dot) com>
> Subject: RE: XP Hardening
> Resent-From: <focus-ms-return-10064 (at) securityfocus (dot) com>
> Resent-Date: Tue, 13 May 2008 14:01:39 -0600 (MDT)
>
>
> I'll second the DISA Gold Disk option for hardening systems, but like Paul
> said, check EVERY OPTION before you do it. I guarantee (from personal
> experience) that it will break your system if you just do it to the default
> level. It is however an outstanding tool.
>
> Sgt Morris
> USMC
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [mailto:listbounce (at) securityfocus (dot) com] On
> Behalf Of techlists (at) comcast (dot) net
> Sent: Tuesday, May 13, 2008 11:35
> To: focus-ms (at) securityfocus (dot) com
> Subject: Re: XP Hardening
>
>
> -------------- Original message ----------------------
> From: maash.rajani (at) gmail (dot) com
>> Can anyone direct me to some resources explaining hardening procedures
>> for windows XP.
>
> The US Defense Department puts their hardening guide online. They have an
> automated tool called the Gold Disk that can scan your system and generate a
> report of vulnerabilities it finds. The Gold Disk can also apply most of the
> settings automatically.
>
> A strong warning however - applying the Gold Disk settings wholesale is
> guaranteed to cause you problems.
>
> It is far better to selectively choose the settings you want to apply - you
> don't need to apply everything. On a default system, it'll find over 100
> different settings that it recommends changing.
>
> Paul
>
> This is a download link for the latest Gold Disk ISO image -
>
> http://iase.disa.mil/stigs/SRR/gdv2_cd1_engine_03_25_2008.iso

RE: XP Hardening May 14 2008 03:10AM
dave kleiman (dave davekleiman com)
RE: XP Hardening May 13 2008 08:01PM
Kevin Hegg (kevinhegg moturion com)


 

Copyright 2010, SecurityFocus