Security Basics mailing list archives
Re: Windows Secure Build Checklist
From: Noah.Lance () APCC com
Date: Wed, 25 Feb 2009 14:36:02 -0600
You probably need to really identify what you are wanting to accomplish:
securing a box in a legacy environment, or in an enterprise? Your home
box? Network Appliance?
Or are you wanting to accomplish a "Standard Image" to image all your
boxes from so they have the "out-of-the-box" base security/configuration?
This leads us into the applications on the box, but you did state just the
base WindowsXP/2003 arena. However you will have to customize any
checklist to accommodate your environment. You may just want to utilize
the MS Security configurator MMC, and build your local GPOs, or if it's AD
then you definitely need to identify current and project GPOs, and their
effects.
Definitely step back a bit and identify your footprint. Identify aspects
that are the easiest to recognize, and start your outline with this. As you
secure each identified piece, you will gain the intimate knowledge of your
Network/system, adding additional information to your outline, hence
creating the moving checklist to assist in maintaining your Secured
environment and logs for the newcomer.
Most STIGs (Security Technical Implementation Guides) are well over
180 pages, with your requested checklists/steps to accomplish. But I've stuck
with simplicity over the years and referenced U.S. NSA/IA/DISA STIGs.
CISecurity.org has a great benchmarking system. Their STIGs are based off
NSA/IA/DISA/CERT standards and have the normal "leveled" security approach
to accomplish overall security to environment details. These will have
your "Checklists" as well; you can easily develop a nice checklist based
off the Table of contents if you are in a hurry and feel quite confident
in the how-to aspect.
Brian Keogh <bwkeogh () gmail com>
Sent by: listbounce () securityfocus com
02/23/2009 04:19 PM
To: security-basics () securityfocus com
cc:
Subject: Windows Secure Build Checklist
All,
I'm aware of various tools and piecemeal procedures regarding secure
build guidance for Windows XP/2003 Server/Desktop machines. Can
anyone please point me in the direction of a complete checklist with
regard to securing the listed operating systems? I'm really just
looking for a single document for someone to work from. A
straightforward checklist etc. in line with best practice.
Any help appreciated.
--
Best regards.
Brian Keogh
Information Security Specialist
bwkeogh () gmail com
