Re: Is our security team right

---

• From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 24 May 2006 22:03:01 -0500

---

That probably makes the most sense and follows guidance in the Windows 2003
Server Security Guide.

http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/s3sgch04.mspx

Though more inconvenient it is more secure to lockdown first and then find
out why something does not work rather then have it work and then lock it
down to see what happens. You probably won't find too many problems and you
can post back here and/or in the server.security newsgroup if you do and
maybe someone can help. The link below may help if you run into problems and
always check the logs via Event Viewer for clues. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;823659

<eddieturbo@xxxxx> wrote in message
news:1148382797.776230.322330@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi,

We are currently moving our clients systems to a new environment which
will require us to rebuild their environments from scratch onto new
hardware. The original servers were not built with any hardening
(Windows 2000) but we are going to correct this in the new environment.


Unfortunately someone in the security team has decided (presumably
cause it is easier for them) to build the standard OS and then harden
the machine. Only then are we going to be allowed to install our
applications on the servers!

Now excuse my ignorance but should it not be the other way around -
install OS, install Apps, confirm they are working, make (hardening)
security change, test app ........... if it still works continue, if it
does not then roll back hardening step and identify why it has broken
the app ????

Am I missing something? Can anyone point me to supporting documentation
which will allow me to stop this happening (and me spending weeks
trying to work out what is wrong)?

Thanks,

EddieT

.

---

• References:
  • Is our security team right
    • From: eddieturbo

• Prev by Date: Re: System Month has change to 6
• Next by Date: Re: Show permissions
• Previous by thread: Re: Is our security team right
• Next by thread: Re: Is our security team right
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Security policy / ACL ... Was your hardening of the Windows 2003 servers done only ... at the group policy setting and services levels, ... (microsoft.public.security) From Tracker.... ... Remember, we're talking about Windows Platforms 95,98 ... provided with Cable/DSL dial-up accounts. ... Wrong IP no news. ... We aren't talking about News Servers here (at the ... (comp.security.firewalls) number 2 ... Remember, we're talking about Windows Platforms 95,98 ... provided with Cable/DSL dial-up accounts. ... Wrong IP no news. ... We aren't talking about News Servers here (at the ... (alt.computer.security) From Tracker.... ... Remember, we're talking about Windows Platforms 95,98 ... provided with Cable/DSL dial-up accounts. ... Wrong IP no news. ... We aren't talking about News Servers here (at the ... (microsoft.public.security) From Tracker.... ... Remember, we're talking about Windows Platforms 95,98 ... provided with Cable/DSL dial-up accounts. ... Wrong IP no news. ... We aren't talking about News Servers here (at the ... (microsoft.public.security.virus)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.win2000.security  > 2006-05