Re: Blessed Windows Security Templates
From: aruna (arunah_at_slt.lk)
Date: 12/15/03
- Previous message: Harlan Carvey: "Re: Blessed Windows Security Templates"
- In reply to: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Next in thread: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Reply: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Jannie Hanekom" <j_hanekom@hotmail.com>, <focus-ms@securityfocus.com> Date: Mon, 15 Dec 2003 12:59:05 +0600
Hi everyone,
This URL doesnot provide details and indicates the page you requested cannot
be found.
Can anyone please help.
Best Regards
aruna
----- Original Message -----
From: "Jannie Hanekom" <j_hanekom@hotmail.com>
To: <focus-ms@securityfocus.com>
Sent: Friday, December 12, 2003 11:58 PM
Subject: RE: Blessed Windows Security Templates
> Hi MG
>
> It's rather comprehensive, but in that type of setup you may want to have
a
> look at Microsoft's "System Architecture" set of documents at
>
http://www.microsoft.com/business/reducecosts/efficiency/consolidate/msa.msp
> x. (This used to be called "Microsoft Internet Data Center".)
>
> This consists primarily of a set of documents, so it won't give you a
shiny
> GUI. However, with a bit of reading, anyone with a bit of sense can
> implement the suggestions.
>
> I've only used the v1.0 documents, so can't speak for v1.5 or v2.0
directly,
> but they were VERY comprehensive and battle-hardened and are separated
into
> design blueprints and "reference" implementations, allowing you to use
> elements from both as you see fit. (Most notably the security documents
> will probably be of use to you.)
>
> Something else which may be useful is that the reference architecture uses
> the Microsoft/HP/EMC/Cisco hardware set, which is what you seem to be
> running SAP on. (That seems to be one of the more popular platforms for
SAP
> on NT anyway.)
>
> The documents themselves are free, but Microsoft sells the automated tools
> they mention in the docs at a hefty price. However, you can get by just
> fine in most situations by performing some of the tasks manually or
building
> your own (basic) tools.
>
> Hope that helps.
>
> Jannie
>
> -----Original Message-----
> From: RUSecure [mailto:rusecure@earthlink.net]
> Sent: 12 December 2003 02:07
> To: focus-ms@securityfocus.com
> Subject: Blessed Windows Security Templates
>
>
> Hello all,
>
> I have a special request from a client.
>
> My client is looking for anyone who will help bless the use of ANY
security
> Template with use for Windows 2000 and a similar configuration as I will
> describe below. They would love to actually talk to someone as well if
> possible.
>
> I am on an SAP ITS Web front end engagement, so you can see why I am
> recommending they seriously harden their front-end and back-end Windows
> servers.
>
> So here is the configuration.
>
> Win2K SP4 running IIS 5.0.
> SAP ITS Wgate on the front end
> SAP Agate on the backend
>
> I have NOT hardened anything yet... And desperately want to using
something
> the client can repeatedly reproduce for use within their organization.
>
> I am recommending they use a Commercial tool, but that will take time, so
> MMC and templates for now.
>
> I am suggesting they use one of the Center for Internet Security Templates
> (CIS - www.cisecurity.org) which are the NIST and NSA templates for the
> Wgate servers in the DMZ Agate servers as well.
>
> I want them to have the ability of checking the systems using the CIS tool
> and have some level of hardening. I also suggest since they do not use
and
> security templates on standalone or through AD that they need to move to
> this direction for repeatability and basic security worthiness. They can
use
> MMC to manage and apply these templates and command line it for
reproduction
> and compliance.
>
> So has ANYONE used ANY template on a configuration similar to the one I
> listed ? It does NOT have to be SAP as any basic WEB front end using
> IISLockDown with a Static Web server and NOTHING else required except
> Insight Manager and SNMP and PcAnywhere.
>
> I recommended the following templates:
>
> Win2KSrvGold_r1.0.1.inf
>
> Or
>
> HISECWEB replacement Web_Secure.INF
>
> Or what comes with Win2K out of the box
>
> Hisecws.inf.
>
> Need I say the lack of use hardened servers is of great concern and they
> would desire to find someone that is actually using some "template.inf" to
> secure their environment.
>
> These servers are going on the Internet... !!!!!!!
>
> H E L P !
>
> Cheers,
>
> MG
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
-
>
>
> --------------------------------------------------------------------------
-
> --------------------------------------------------------------------------
-
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Harlan Carvey: "Re: Blessed Windows Security Templates"
- In reply to: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Next in thread: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Reply: Jannie Hanekom: "RE: Blessed Windows Security Templates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
