RE: Install for Dummies?

From: russell_munisteri@inds.com
Date: 01/16/02


From: russell_munisteri@inds.com
To: judy@colorado.edu, JohnsonG@missouri.edu
Date: Wed, 16 Jan 2002 15:55:54 -0500

try looking at www.nsa.gov

-----Original Message-----
From: Brad Judy [mailto:judy@colorado.edu]
Sent: Wednesday, January 16, 2002 12:22 PM
To: Johnson, Greg
Cc: focus-ms@securityfocus.com
Subject: RE: Install for Dummies?

There are several resources for securing W2K and NT that have been posted
here many times. You can check the archives or contact me for that
information. When investigating a similar, but more narrow question I ended
up writing my own guidelines for W2K
(http://www.colorado.edu/its/windows2000/adminguide/w2ksecguidelines.html)
and IIS 5
(http://www.colorado.edu/its/windows2000/adminguide/iis5secguidelines.html).
My instructions are not quite as detailed as you have proposed largely
because they are targeted at IT admins, not end users.

Take a look at these other higher ed security checklists (these are just
W2K):

Yale: (http://www.yale.edu/its/security/Procedures/Securing/NT/w2k/)
Stanford: (http://windows.stanford.edu/docs/w2kservsecchecklist.htm)
CC of Virginia
(http://www.so.cc.va.us/its/Best_Practices/Security_Best_Practices_for_Windo
ws_2000.htm)

I'm sure there are others, but those are the ones I had bookmarks for.

I am yet to see much in terms of Windows 9x security checklists.

For most end-users it makes more sense to give general secure computing
guidelines (eg. using encrypted logins, e-mail and web security, patching,
etc.) rather than a lockdown checklist. I think basic security awareness is
the first step toward more secure computing. It doesn't matter how well you
lock your system down if you send your password or credit card info in clear
text or e-mail.

I would recommend you send a document to everyone on secure computing
practices that links back to whatever lockdown articles you wish to post.

Brad Judy

Information Technology Services
University of Colorado at Boulder

> -----Original Message-----
> From: Johnson, Greg [mailto:JohnsonG@missouri.edu]
> Sent: Wednesday, January 16, 2002 8:05 AM
> To: focus-ms@securityfocus.com
> Subject: Install for Dummies?
>
>
> Has anyone seen an effective one-page or two-page document that
> guides naive
> users through a secure installation? Outline:
>
> (1) Physically unplug from the net!
> (2) Really, unplug!
> (3) Install OS and applications from vendor media.
> (4) Don't plug in yet.
> (5) Apply any patches from other media.
> (6) Keep your hands off that cable.
>
> (7) Disable services such as UPnP and IIS via these steps ...
>
> (8) OK, now you can plug in and finish network connection.
> (9) Download and install patches.
> (10) Download, install, update anti-virus, personal firewall, etc.
> (11) Download and run this program to check and set security.
> (12) A backup might be in order now.
>
> (13) Turn on just those services you need...
> (14) Watch your logs.
> (15) Keep up to date on patches.
> (16) To further prevent unauthorized network access to your computer, to
> test its security status against ever-emerging threats, and to ask best
> practices questions about security, see this web page ...
>
> Item (7) is the meat. What's the minimum secure, fool-proof instructions
> you advise? There may be a version for each popular OS including
> MS Windows
> 98, ME, 2000, NT, XP, Red Hat Linux & Apple Mac.
>
> I wish to distribute something like this to our university's thousands of
> students and staff. So these guidelines must be enticing and
> inexpensive!
> Our people connect on campus and with machines they own via DSL, cable, or
> other access. No surprise, many people, even those who know better, are
> NIMDA'd or worse before they finish downloading MS patches, enterprise
> templates, etc.
>
> Over a year ago I discovered vulnerable shares on dozens of campus Windows
> 98 systems. My boss thought that because of this vulnerability we should
> consider officially dropping support for '98. I pointed out that only
> systems for which Microsoft disclaims security--Windows 95 and 98--are
> secure out of the box. This UPnP mess and IIS defaults have affirmed that
> cynical observation.
>
> -- Greg Johnson, Security Office, IAT Services, University of Missouri -
> Columbia
>



Relevant Pages

  • Re: Vista errors 800b0100 and 80072EE2
    ... As Security Centre appears to be erroneously reporting Panda IS 2008 ... I've a 4Mbps cable connection and normally download around the 475MBps range. ... Are you certain it was wrong about Panda? ... Running Updates again, as before, keep getting asked to download and install ...
    (microsoft.public.windowsupdate)
  • Re: ..
    ... After doing the steps in KB948252, download and save KB961260: ... IF KB961260 does not install you are eligible for *NO-charge* support for getting the Cumulative IE Security update installed. ... If you installed KB947821 manually and it's still being offered by Windows ...
    (microsoft.public.windowsupdate)
  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • The Big Ol Ubuntu Security Resource
    ... but its default install has flaws. ... are the mods you need to make to protect your system. ... If you've recently switched from Windows to the Linux distribution Ubuntu, ... IT Security has prepared a guide to help you ...
    (microsoft.public.windowsxp.general)
  • Critical Alert Update - W32.Slammer
    ... PSS Security Response Team Alert - Update: ... SP2, and Microsoft SQL Desktop Engine Version (MSDE) 2000 RTM, Microsoft SQL ... and all applications that install Microsoft SQL Desktop ...
    (microsoft.public.sqlserver.security)