RE: Install for Dummies?

Date: 01/16/02

Date: Wed, 16 Jan 2002 15:55:54 -0500

try looking at

-----Original Message-----
From: Brad Judy []
Sent: Wednesday, January 16, 2002 12:22 PM
To: Johnson, Greg
Subject: RE: Install for Dummies?

There are several resources for securing W2K and NT that have been posted
here many times. You can check the archives or contact me for that
information. When investigating a similar, but more narrow question I ended
up writing my own guidelines for W2K
and IIS 5
My instructions are not quite as detailed as you have proposed largely
because they are targeted at IT admins, not end users.

Take a look at these other higher ed security checklists (these are just

Yale: (
Stanford: (
CC of Virginia

I'm sure there are others, but those are the ones I had bookmarks for.

I am yet to see much in terms of Windows 9x security checklists.

For most end-users it makes more sense to give general secure computing
guidelines (eg. using encrypted logins, e-mail and web security, patching,
etc.) rather than a lockdown checklist. I think basic security awareness is
the first step toward more secure computing. It doesn't matter how well you
lock your system down if you send your password or credit card info in clear
text or e-mail.

I would recommend you send a document to everyone on secure computing
practices that links back to whatever lockdown articles you wish to post.

Brad Judy

Information Technology Services
University of Colorado at Boulder

> -----Original Message-----
> From: Johnson, Greg []
> Sent: Wednesday, January 16, 2002 8:05 AM
> To:
> Subject: Install for Dummies?
> Has anyone seen an effective one-page or two-page document that
> guides naive
> users through a secure installation? Outline:
> (1) Physically unplug from the net!
> (2) Really, unplug!
> (3) Install OS and applications from vendor media.
> (4) Don't plug in yet.
> (5) Apply any patches from other media.
> (6) Keep your hands off that cable.
> (7) Disable services such as UPnP and IIS via these steps ...
> (8) OK, now you can plug in and finish network connection.
> (9) Download and install patches.
> (10) Download, install, update anti-virus, personal firewall, etc.
> (11) Download and run this program to check and set security.
> (12) A backup might be in order now.
> (13) Turn on just those services you need...
> (14) Watch your logs.
> (15) Keep up to date on patches.
> (16) To further prevent unauthorized network access to your computer, to
> test its security status against ever-emerging threats, and to ask best
> practices questions about security, see this web page ...
> Item (7) is the meat. What's the minimum secure, fool-proof instructions
> you advise? There may be a version for each popular OS including
> MS Windows
> 98, ME, 2000, NT, XP, Red Hat Linux & Apple Mac.
> I wish to distribute something like this to our university's thousands of
> students and staff. So these guidelines must be enticing and
> inexpensive!
> Our people connect on campus and with machines they own via DSL, cable, or
> other access. No surprise, many people, even those who know better, are
> NIMDA'd or worse before they finish downloading MS patches, enterprise
> templates, etc.
> Over a year ago I discovered vulnerable shares on dozens of campus Windows
> 98 systems. My boss thought that because of this vulnerability we should
> consider officially dropping support for '98. I pointed out that only
> systems for which Microsoft disclaims security--Windows 95 and 98--are
> secure out of the box. This UPnP mess and IIS defaults have affirmed that
> cynical observation.
> -- Greg Johnson, Security Office, IAT Services, University of Missouri -
> Columbia