Re: Security Policy

From: H C (keydet89@yahoo.com)
Date: 09/28/01


Message-ID: <20010928161730.52864.qmail@web20501.mail.yahoo.com>
Date: Fri, 28 Sep 2001 09:17:30 -0700 (PDT)
From: H C <keydet89@yahoo.com>
Subject: Re: Security Policy
To: "B. Saravanan" <B.Saravanan@zensar.com>, focus-ms@securityfocus.com


> I need sample security policies
> for Winnt, Win2000 and ISS.

ISS, or IIS?

The Information Security Policies book by Cresson Wood
is excellent for this. However, keep in mind that
_policies_ are not technology specific, while
procedures and processes are. For example, a policy
might state a requirement for strong authentication.
On NT, the process might include installing and
enabling passprop.dll, for example, or SecurID.

> I also need a write up on "what are important
> thing to be done while
> doing security audit". Where can I get all these?
> If anybody has it please
> send it to me. I really need it urgently for
> references.

What do you mean "important thing [sic] to be done
while doing security audit"? A "security audit"
generally refers to collecting information about a
system or process, and then comparing it to some
standard (security policies/procedures, etc) for
compliance. One would think that you would be more
interested in references to settings that need to be
made in order to increase the level of security on
your systems.

A good place to start is...oddly enough...the
Microsoft Security site. Other sites, such as NSA,
InterSecAlliance, etc, all provide tips or entire
documents. However, these should not be taken at face
value and blindly applied to your systems. A single
box is complex enough, but entire systems such as a
LAN infrastructure are even more so, and all
variations cannot be anticipated. If you make a blind
change to your boxes without understanding what that
change does, you could very well end up with boxes
that no one can log into.
