For the Windows based systems you could use Securit-e-Lok at www.securit-e-doc.com
Dave Kleiman [EMAIL PROTECTED] www.netmedic.net -----Original Message----- From: Tony Toni [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 22:27 To: [EMAIL PROTECTED] Subject: Server Configuration Standards Hi, How many of you have very specific configuration standards for the various flavors of Windows and UNIX production servers? We have high level 3 page standard for both the Unix and Windows platforms. This is about to change as a result of recommendation from a consultant. A private consultant has convinced our CIO that we need very detailed configuration standards for each server platform (ie AIX, Solaris, Win2k, NT, etc). He has provided us the requirements for each platform that is about 5 to 20 pages long . We have about 700 production servers that includes just about every flavor of Unix/Window/Linux.. It has been like pulling teeth trying to get our admins to operate in a secure and controlled environment...it is like the wild west. One of the work goals assigned to me by the CIO is to help ensure the successful adoption of these polices. I will be sort of a like a project manager but have no enforcement authority. I know that it is going to be an up hill battle. Does your company have detailed configuration requirements for servers? What are the operational challenges in doing this? What are some good arguments I can use to persuade the admins that this is not an impossible task. Tony CIA,CISA,CDP,MBA Security and Audit Services Nations Banking & Trust _________________________________________________________________ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus
