Re: Security Standards



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

Chad's link looks to be a good place to get you started.

This link
http://www.cpni.gov.uk/Products/technicalnotes/technicalarchive.aspx

is a technical notes archive from the UK's CPNI. You may find some extra
info in here. Essentially they're a bunch of best practice guides, but
i've used them a few times before.

Cheers

Phil

Boyd, Chad wrote:
The baseline that we used were the NSA Security Configuration Guides:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

They do a great job of telling you what settings to change for various scenarios. These, of course, should be modified to your environment, but these are a great jumping-off point.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of s0h0us@xxxxxxxxx
Sent: Wednesday, January 06, 2010 1:30 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Security Standards

Hi,
As part of a PCI-DSS risk assessment I need to come up with security standards for all of our critical network devices, including windows servers. I've been directed to NIST publications and others but I'm finding that they are general documents rather than specific ones regarding what settings need to be configured, i guess like a checklist. can you recommend a site that might have them? i continue to search as i submit this posting...thanks! any information is appreciated. happy new year!!!


sOhO

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



- --

Phil Derbyshire CLAS B.Sc. (Hons)
Director
PDMD Consulting
tel: 07866 728 182
LinkedIn:
http://www.linkedin.com/pub/philip-derbyshire/a/81b/6b6
CESG:
http://www.cesg.gov.uk/find_a/clas/index.cfm?menuSelected=11&displayPage=1111&CLASid=6235
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBS0Whhn3bx89c0VTVAQJ10wgAoZ++tUOGpXnk9Hezn+KAD9/hlqZtd5SM
go92u/kvYEL8HrDxhJtht6+uolmWPmaMpVU4THEDL81cpJ9kya+RIJ5cj2CNy1RE
LIiktSr+ZxkanMi7vrRgSRH6qM+6dPAOHhLvxC/rQKOz+OaD0G7BTZ/WpQFhcV/D
v1jiJwyGiqYJ5TmOFmgbSxkKTqNU+QEGdyTWQm/KsJhZRhhOR6HdqFQVw05nvLmv
5rIfw5AZvivgO3+8PGpGpjXXe87vHHCRQDeYnJcXAB9gdNjphwk7nX7iYZOAme5X
Ox6KzB5VyaGiZBxOUCXu+3goJCddCdoNze8ORyFj+AzInLwbdqT0sg==
=4SnL
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Relevant Pages

  • Re: Security Toolkit for dummies
    ... Subject: Security Toolkit for dummies ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Huge hidden process and port in Linux server
    ... I install rootkinhunter, chkrootkit and unhide in my local linux box. ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: New FREE security tool!
    ... Hmm, only a Windows installer, and no actual source code. ... Certificate on your Apache web server. ... -- Securing Apache Web Server with thawte Digital Certificate In this ...
    (Security-Basics)
  • Re: Botnet Servers
    ... Subject: Firewall Review ... -- Securing Apache Web Server with thawte Digital Certificate In this ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)
  • Re: Botnet Servers
    ... Subject: Firewall Review ... -- Securing Apache Web Server with thawte Digital Certificate In this ... Securing Apache Web Server with thawte Digital Certificate ...
    (Security-Basics)