That is very useful.. Two others in same series that may be helpful:
The_Administrator_Accounts_Security_Planning_Guide
The_Security_Monitoring_and_Attack_Detection_Planning_Guide
Justin F. Knox wrote:
First off, I have to say that this is one of the more attention
getting threads I've seen in a while here. This got my attention
because I'm in the process of fleshing out the Windows server
configuration standard for my employer. I've been reading most of the
guides that have flown through this thread, and they're valuable
resources, so I figure I'll add one I've found:
http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/default.mspx
^^ that's "The Services and Service Accounts Security Planning Guide,"
and it has a place in my hardening toolkit.
it completely reinforces the concept of least privilege, and gives
excellent guidance in deriving what kind of account is needed for
specific occasions.
As far as people being concerned with hotfixes causing their hardened
servers to implode: I've found that VMware's product line is ideal for
building out a lab on a budget. I'm using VMware workstation combined
with the P2V Assistant to create a complete virtual lab of my
production network. I can test patches in a sandbox without having to
worry about having an impact on production. Other tools --
sysinternals.com, filemonNT, regmonNT, process explorer and their ilk
are fabulous for tracking what is happening and what apps need what
privileges.
hope that somone finds my post helpful -- I've found quite a bit of
nice info in this thread already :)
--Justin
Laura A. Robinson wrote:
Very well put, Mike. I think that when people haven't looked at the
guides,
they may not realize that the bulk of what is in them is informative
rathter
than a simple "do this...do that" set of instructions. I personally
believe
that anybody who is touching Win2K3, claims interest in security, yet
hasn't
read the Microsoft Security Guidance documents should spend a few
days with
those guides before making any proclamations. One can't speak to that
which
one does not yet know. :-)
Laura
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
