I just took it as another droll "blah, blah, blah, Microsoft security sucks,
blah, blah blah" post. *Any* content that compares current Microsoft
operating systems with NT (or even Win2000 in my mind) is either wanton,
biased techno-bashing or uninformed blithe rhetoric.
But back to the subject at hand...
As always, good hardening configurations embrace the concepts of security in
depth and least privilege. A *great* tool to help set strong security
settings (like netlogon protocol levels, SMB signing, etc), disable
services, set IIS options, IP port blocking, etc is the Security
Configuration Wizard that ships with Win2k3 SP1. The .xml file portability
and roll-back features are just great. It makes it really easy to go
through and tighten up your Win2k3 installs-even for "internal" servers that
most folks leave "open."
While "Group Policy" is my preferred method of securing assets en masse, the
SCW can be a great companion to securing boxes where applicable.
I'm also a big fan of IPSec policies... A little planning and testing in the
deployment of IPSec policies can result in some very strong security
postures.
t
----- Original Message -----
From: "Laura A. Robinson" <[EMAIL PROTECTED]>
To: "'matthew patton'" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Thursday, November 10, 2005 9:48 AM
Subject: RE: What server hardening are you doing these days?
I'm having a difficult time grokking what your actual assertion is here.
What are you saying that Microsoft should have published that they haven't
published? Have you looked at the default permissions in Win2K3? Have you
looked at the changes in accounts related to Local System, Local Service
and
Network Service? I'm seeing a lot of vague accusation in your post, but
not
any explanation of what your point is.
Laura
-----Original Message-----
From: matthew patton [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 10, 2005 10:40 AM
To: [email protected]
Subject: Re: What server hardening are you doing these days?
I just love this bit from the MS release:
<blah, blah, blah snipped>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
