Re: [fw-wiz] How to Secure Windows? was How to Save the World

From: Paul D. Robertson (
Date: 12/21/04

  • Next message: Dave Piscitello: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
    To: Dave Piscitello <>
    Date: Tue, 21 Dec 2004 16:25:35 -0500 (EST)

    On Mon, 20 Dec 2004, Dave Piscitello wrote:

    > If you want a cheat sheet - or a template on which to baseline what
    > your organization ultimately decides is its security policy - then
    > visit the Center for Internet Security (, download the
    > security benchmarking tool and dozen or so templates, and RTFM that
    > accompanies it.

    That _would_ be useful, if it weren't for the fact that I can only use it
    on a single computer. If I wanted to use their tools as a consultant,
    it'd cost me $11,000 per year! While that might be ok for E&Y, it's a
    little steep for PDR ;)

    > Basically, using Active Directory and group policy object definition,
    > you can lock down W2K or XP very nicely based on these templates,
    > including services, file system, local administration, IE settings,
    > auditing/event logging and more. You can also develop policy for
    > locking down internet-facing servers on Win2000 and W2k3. If you're
    > not running AD, you can apply the same template as a local security
    > policy using secpol.msc or create a Group template and apply it to
    > individual systems using the group policy msc.
    > If you want the 1000-word abstract versions, visit my Windows 2000
    > resources page at

    Any idea if you can make Windows *not* dynamically accept ARP entries and
    rely only on static entries in the table?

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    firewall-wizards mailing list
