Security Basics mailing list archives
RE: Security Standards
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Thu, 7 Jan 2010 09:52:54 -0500
Just a side note, your provider should have these documents already made no? IE: Microsoft already has a security baseline standard for their products, just follow it and adapt it to your environment? Philippe Rivest - CISSP, CISA, CEH, Network+, Server+, A+ TransForce Inc. Internal auditor - Information security Vérificateur interne - Sécurité de l'information 8585 Trans-Canada Highway, Suite 300 Saint-Laurent (Quebec) H4S 1Z6 Tel.: 514-331-4417 Fax: 514-856-7541
Web Site
-----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Boyd, Chad Envoyé : 6 janvier 2010 16:30 À : s0h0us () yahoo com; security-basics () securityfocus com Objet : RE: Security Standards The baseline that we used were the NSA Security Configuration Guides: http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_syste ms.shtml They do a great job of telling you what settings to change for various scenarios. These, of course, should be modified to your environment, but these are a great jumping-off point. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of s0h0us () yahoo com Sent: Wednesday, January 06, 2010 1:30 PM To: security-basics () securityfocus com Subject: Security Standards Hi, As part of a PCI-DSS risk assessment I need to come up with security standards for all of our critical network devices, including windows servers. I've been directed to NIST publications and others but I'm finding that they are general documents rather than specific ones regarding what settings need to be configured, i guess like a checklist. can you recommend a site that might have them? i continue to search as i submit this posting...thanks! any information is appreciated. happy new year!!! sOhO ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- Security Standards s0h0us (Jan 06)
- RE: Security Standards Boyd, Chad (Jan 06)
- Re: Security Standards Wim Remes (Jan 07)
- Re: Security Standards Phil Derbyshire (Jan 07)
- RE: Security Standards Rivest, Philippe (Jan 07)
- RE: Security Standards Youngquist, Jason R. (Jan 07)
- RE: Security Standards lgpm (Jan 07)
- Re: Security Standards John Morrison (Jan 07)
- RE: Security Standards Andy Tripp (Jan 07)
- Re: Security Standards LAS (Jan 08)
- RE: Security Standards Boyd, Chad (Jan 06)
- RE: Security Standards Craig S. Wright (Jan 07)
- USB Vulnerabilities Exploited Phil Derbyshire (Jan 07)
- Re: Security Standards Todd Hughes (Jan 07)
- Re: Security Standards John Morrison (Jan 07)
- <Possible follow-ups>
- Re: Security Standards las (Jan 08)