RE: MS binary integrity baseline

From: Miroslaw Slawek Chorazy (mchorazy_at_depaul.edu)
Date: 08/20/04

  • Next message: dave kleiman: "RE: MS binary integrity baseline"
    Date: Fri, 20 Aug 2004 11:06:24 -0500
    To: <chris_conacher@hotmail.com>, <sconant@microsoft.com>, <sam@reefedge.com>
    
    

    Chris,

    what you are trying to accomplish I think falls within the scope of
    "Software Restriction Policies"
    this is a technology which will enable you to define rules to restrict
    or enable execution of programs (not just .exe)
    depending on Hashes, Certificates, Paths, Internet zones.

    the technology can be implemented on per-user or per-machine basis
    its really cool if you have an AD in place.

    You can read more about it SM Knowledge Base Article 324036

    Slawek

    >>> "Simon Conant" <sconant@microsoft.com> 8/20/2004 04:34 >>>
    http://support.microsoft.com/default.aspx?scid=kb;en-us;841290

    -----Original Message-----
    From: Sam Baskinger [mailto:sam@reefedge.com]
    Sent: Thursday, August 19, 2004 8:29 AM
    To: Chris Conacher
    Cc: focus-ms@securityfocus.com
    Subject: Re: MS binary integrity baseline

    Hi Chris,

    It's good practice to keep an up-to-date list of file hashes for any
    system you deploy. Before you deploy the system and after each
    upgrade
    you verify the hashes and take new ones if necessary.

    I acctually finished writing a script in python which does this on
    Linux
    and Win systems. If any are interested I'll happily post it to the
    list
    (160 lines in length) with the standard "USE AT YOUR OWN RISK"
    disclaimer.

    Currently I'm using the script to keep a closer eye on my testing
    machines (The Win boxes) and I've deployed it on my laptop (the Linux
    machine).

    Again, this isn't hard at *all* and it is something you can EASILY
    re-program for your shop and put in a scheduled task. Python also
    gives
    you some flexability in reporting etc etc etc.

    Sam

    Chris Conacher wrote:

    > Dear List
    >
    > Is there anything that performs binary integrity checks for Windows
    OS

    > such as rpm does for Redhat or apt does for Debian?
    >
    > I want something that will check Windows binaries against a trusted
    > source - MS site, install cd, etc so that I can determine integrity
    > baselines of current production systems before deploying an integrity

    > checking application.
    >
    > I would have thought that this would be something Microsoft would
    > provide, but have not seen anything.
    >
    > Thanks for any input
    >
    > Chris
    >
    > _________________________________________________________________
    > Express yourself with cool new emoticons
    > http://www.msn.co.uk/specials/myemo
    >
    >
    >
    ----------------------------------------------------------------------
    > -----
    >
    >
    ----------------------------------------------------------------------
    > -----
    >
    >

    ------------------------------------------------------------------------

    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: dave kleiman: "RE: MS binary integrity baseline"