Home page logo

basics logo Security Basics mailing list archives

Re: Tool to check how good a windows server was hardened
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 07 Mar 2011 08:46:22 -0600

Juan B <juanbabi () yahoo com> writes:

 Hi all,

I am searching for a tool like MBSA from microfost which will run locally or 
remotely and check how good a server was harden an maybe compre its security 
status against market best practics, any suggestions?

thanks !

Configuration, Policy and compliance checking...  There are a lot of
goodies professing to do these things out there.  Which is best for
you depends on your audit drivers, what baseline/best practice you're
aiming for, and your existing systems management software base.

Commercial offerings in this space that I'm aware of include:


While you can scrape similar configuration information out of hosts
with credentialed scans using network vulnerability scanners (Nessus,
Nexpose, and the like), what those lack are the configuration policy
templates/baselines that might be baked in to these more
compliance-centric products.

Best Regards, 
Todd Haverkos, LPT MsCompE

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]