OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brad Judy (judycolorado.edu)
Date: Mon Oct 29 2001 - 11:11:32 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    There are a number of good write-ups. Some of them are directed toward
    Server, but most aspects of hardening are common between the two. Here are
    a few of the ones I have used:

    "Windows 2000 Baseline Security Checklist" by Microsoft - there are also
    Server and IIS versions of this document available.
    http://www.microsoft.com/technet/security/tools/w2kprocl.asp

    "Hardening Windows 2000" by Phil Cox - From the book "Windows 2000 Security
    Handbook" Phil Cox et al.
    http://www.systemexperts.com/tutors/HardenW2K101.pdf

    Windows 2000 Security Recommendations Guides by the National Security
    Agency - directed toward federal agencies, but much is applicable to other
    organizations. Read the "Guide to Securing Microsoft Windows 2000 File and
    Disk Resources"
    http://nsa2.www.conxion.com/win2k/download.htm

    I like this guide from Yale as well - very similar to the one I am writing
    for our campus.
    http://www.yale.edu/its/security/Procedures/Securing/NT/w2k/

    A couple of other decent ones:

    Labmice.net
    http://www.labmice.net/articles/securingwin2000.htm

    ArsTechnica
    http://arstechnica.com/tweak/win2k/security/begin-1.html

    Most of these pages overlap greatly and some of them contradict each other,
    but there are differences in opinion in all fields. There are many other
    resources for Windows 2000 security. Out of the several W2K security book I
    have worked with, I like "Windows 2000 Security Handbook" by Phil Cox et al,
    and "Securing Windows NT/2000 Servers for the Internet" by Stefan Norberg.
    There is also a Windows 2000 reading room at SANS
    (http://www.sans.org/infosecFAQ/win2000/win2000_list.htm) with many good
    articles about various aspects of security in Windows 2000.

    I hope this helps and was not too much information.

    Brad Judy
    Information Technology Services
    University of Colorado at Boulder

    > -----Original Message-----
    > From: John Minnella [mailto:JohnMenvironics.ca]
    > Sent: Monday, October 29, 2001 7:50 AM
    > To: focus-mssecurityfocus.com
    > Subject: Secure Windows 2000 pro/server
    >
    >
    > Hi,
    > are there any good write ups on how to secure/harden Windows 2000 Pro?
    >