Re: What server hardening are you doing these days?

Sat, 12 Nov 2005 08:00:11 -0800

First off, I have to say that this is one of the more attention getting threads I've seen in a while here. This got my attention because I'm in the process of fleshing out the Windows server configuration standard for my employer. I've been reading most of the guides that have flown through this thread, and they're valuable resources, so I figure I'll add one I've found: 

http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/default.mspx
^^ that's "The Services and Service Accounts Security Planning Guide," and it has a place in my hardening toolkit. it completely reinforces the concept of least privilege, and gives excellent guidance in deriving what kind of account is needed for specific occasions. 


As far as people being concerned with hotfixes causing their hardened 
servers to implode: I've found that VMware's product line is ideal for 
building out a lab on a budget. I'm using VMware workstation combined 
with the P2V Assistant to create a complete virtual lab of my production 
network. I can test patches in a sandbox without having to worry about 
having an impact on production. Other tools -- sysinternals.com, 
filemonNT, regmonNT, process explorer and their ilk are fabulous for 
tracking what is happening and what apps need what privileges.



hope that somone finds my post helpful -- I've found quite a bit of nice 
info in this thread already :)


--Justin

Laura A. Robinson wrote:


Very well put, Mike. I think that when people haven't looked at the guides,
they may not realize that the bulk of what is in them is informative rathter
than a simple "do this...do that" set of instructions. I personally believe
that anybody who is touching Win2K3, claims interest in security, yet hasn't
read the Microsoft Security Guidance documents should spend a few days with
those guides before making any proclamations. One can't speak to that which
one does not yet know. :-)


Laura  



---------------------------------------------------------------------------
---------------------------------------------------------------------------
























					Reply via email to