Re: [fw-wiz] How to Secure Windows? was How to Save the World

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 12/21/04

  • Next message: Dave Piscitello: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
    To: Dave Piscitello <dave@corecom.com>
    Date: Tue, 21 Dec 2004 16:25:35 -0500 (EST)
    
    

    On Mon, 20 Dec 2004, Dave Piscitello wrote:

    > If you want a cheat sheet - or a template on which to baseline what
    > your organization ultimately decides is its security policy - then
    > visit the Center for Internet Security (cisecurity.org), download the
    > security benchmarking tool and dozen or so templates, and RTFM that
    > accompanies it.

    That _would_ be useful, if it weren't for the fact that I can only use it
    on a single computer. If, I wanted to use their tools as a consultant,
    it'd cost me $11,000 per year! While that might be ok for E&Y, it's a
    little steep for PDR ;)

    > Basically, using Active Directory and group policy object definition,
    > you can lock down W2K or XP very nicely based on these templates,
    > including services, file system, local administration, IE settings,
    > auditing/event logging and more. You can also develop policy for
    > locking down internet-facing servers on Win2000 and W2k3. If you're
    > not running AD, you can apply the same template as a local security
    > policy using secpol.msc or create a Group template and apply it to
    > individual systems using the group policy msc.
    >
    > If you want the 1000-word abstract versions, visit my Windows 2000
    > resources page at http://hhi.corecom.com/windowsxpresources.htm

    Any idea if you can make Windows *not* dynamically accept ARP entires and
    rely only on static entries in the table?

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Dave Piscitello: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"