RE: Security Standards

["Rivest, Philippe" <PRivest () transforce ca>]

Just a side note, your provider should have these documents already made no?
IE: Microsoft already has a security baseline standard for their products,
just follow it and adapt it to your environment?


        

Philippe Rivest - CISSP, CISA, CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Vérificateur interne - Sécurité de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417 
Fax: 514-856-7541

> > Web Site

                
        

-----Message d'origine-----
De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De
la part de Boyd, Chad
Envoyé : 6 janvier 2010 16:30
À : s0h0us () yahoo com; security-basics () securityfocus com
Objet : RE: Security Standards

The baseline that we used were the NSA Security Configuration Guides:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_syste
ms.shtml

They do a great job of telling you what settings to change for various
scenarios. These, of course, should be modified to your environment, but
these are a great jumping-off point.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of s0h0us () yahoo com
Sent: Wednesday, January 06, 2010 1:30 PM
To: security-basics () securityfocus com
Subject: Security Standards

Hi,
As part of a PCI-DSS risk assessment I need to come up with security
standards for all of our critical network devices, including windows
servers. I've been directed to NIST publications and others but I'm finding
that they are general documents rather than specific ones regarding what
settings need to be configured, i guess like a checklist. can you recommend
a site that might have them? i continue to search as i submit this
posting...thanks! any information is appreciated. happy new year!!!


sOhO

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------

Attachment: smime.p7s
Description: